Andrew Harris reports:

Michaels Stores Inc. (MIK:US), the world’s largest arts-and-crafts retailer, was sued by a customer for failing to safeguard data after the company said some payment-card information may have been used fraudulently.

The Irving, Texas-based company said Jan. 25 that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting the company may have experienced a data security attack.”

Christina Moyer, an Illinois consumer, sued the company today in federal court in Chicago, accusing Michaels of breaching an implied promise to protect that information. Moyer claims she and other customers on whose behalf she filed the complaint must spend time and money to deal with the consequences.

Read more on Bloomberg Businessweek.

And yes, if you’re thinking, “Wait, they haven’t even confirmed there’s been a breach yet,” you’re right. So why this rush to a lawsuit?

The case is Moyer v. Michaels Stores, 14-cv-561, U.S. District Court, Northern District of Illinois (Chicago).