Michaels said Saturday that it learned recently of "possible fraudulent activity" on some of its customers' payment cards, suggesting there may have been a breach.
CEO Chuck Rubin said the company has not confirmed a breach, but wanted to alert customers.
"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," Rubin said in a statement.
Secret Service spokesman George Ogilvie said his agency was investigating the matter.
Michaels gave no additional information on the possible breach, including how many customers may be involved, when those customers shopped at Michaels, and if the possible breach affected online or in-store shoppers.
But citing "the widely-reported criminal efforts to penetrate the data systems of U.S. retailers," the company warned customers of the possible issue. If a breach is confirmed, Michaels said in a post to its website it would offer free identity protection and credit monitoring.
In recent weeks Target (TGT, Fortune 500) and Neiman Marcus have each acknowledged breaches.
The attack on Target affected as many as 110 million customers, including 40 million credit and debit card shoppers at the height of the holiday shopping season.
Neiman Marcus said a three-month breach in the summer and fall affected 1.1 million customers.
Michaels says it operates more than 1,100 stores in the U.S. and Canada. To top of page