Art and crafts retailer Michaels Stores confirmed Thursday that it about 3 million payment cards were affected by a data breach that ran from May 2013 to February 2014 in its Michaels and Aaron Brothers stores.

Retailers have been under fire for data breaches. Target late last year was hit with a large data breach that hurt the company's earnings and standing with customers.

The company said in January it learned of the breach and hired security firms to investigate. Michaels also said that it has contained the incident and the malware isn't a threat.

Michaels outlined the following:

The cards affected had payment card and expiration dates, but other personal information such as addresses, names and PINs weren't at risk.

Michaels stores were hit by point of system attacks between May 8, 2013 and Jan. 27. About 7 percent of the cards used, or 2.6 million cards, were affected.

Aarons Brothers confirmed the malware issue between June 26, 2013 and Feb. 27. About 400,000 cards were potentially affected.

As is standard practice, Michaels said it will offer identity protection, credit monitoring and fraud assistance to customers.

Related: