Michaels announced in January that it had detected suspicious activity on its network. The arts and crafts store chain did not reveal until April 17 that an investigation confirmed a breach. Some security experts argue that what Michaels portrayed as a “highly sophisticated malware” strain may have eluded detection. Others say Michaels should have been able to detect the breach much sooner. Michaels declined to comment on why the breach took so long to confirm and whether the malware used was linked to other attacks, but CEO Chuck Rubin said the company needed time to collect forensic evidence.”]
Source: https://www.cuinfosecurity.com/michaels-so-long-to-report-breach-a-6774