Tori Austin was en route to a weekend in California when she got a call from Northwest Community Credit Union.

Tori Austin was en route to a weekend in California when she got a call from Northwest Community Credit Union.

The Springfield-based financial institution informed Austin her debit card had been canceled because of security issues and it would be several days before her card was replaced.

Austin is among the thousands of Oregonians whose debit cards were rendered useless as financial institutions moved quickly to cut off access to their checking accounts by thieves who stole data from craft retailer Michaels between Feb. 6 and May 8 this year. She shopped at Michaels in late February or early March.

Earlier last Friday, Austin's card was declined, but she didn't think much of it after hearing other customers had similar issues at a McDonald's. A cashier mentioned "we've been having problems, but maybe it's our machine."

On her way to Adin, Calif., the Central Point woman got the call from NCCU, where marketing vice president Matt Purvis said staff members stayed late to alert members, close accounts and reissue new cards as quickly as possible.

"Luckily, I was going to Dad's house and didn't need any money," Austin said. "It's an inconvenience to have the card shut off for a period of time, but I'm very happy my bank caught it and took proactive measures to make sure none of our accounts were compromised."

Operatives for what is believed to be a sizable organization tampered with payment card terminals in six Oregon Michaels stores, including Medford. A total of 84 were hit across the country.

Depending on a variety of factors, including location and customer shopping habits, banks and credit unions were alerted by Visa's compromised account management system, which provides a list of endangered card numbers and personal identification numbers.

At that point, said Rogue Federal Credit Union spokeswoman Jeanne Pickens, a decision was made on the severity of the breach and the appropriate course of action.

Pickens said initially 650 of its members were affected by the Michaels data breach, but then the credit union got word another 400 accounts were affected this week.

"We received notice late (Tuesday) afternoon of the second wave and within hours we had sent emails to all members that we had an email address for," she said. " I would say that we may not have seen the end of the Michaels breach."

RFCU called the 25 percent of its members who most frequently use cards.

The fraudulent attacks came as a surprise to many, because they were well after Michaels announced the data breach last month.

"When we first heard about it, we had no inkling our customers' cards were part of it," said Steve Erb, operations director for PremierWest Bank. "When we got the data, it sort of blew up all at once."

Although the pattern of use has moved from the Portland area to Southern Oregon, Erb said the majority of fraudulent hits using his customers' account numbers has come from Southern California and Las Vegas.

"We don't know how the bad guys are doing it, but it appears by geography," Erb said.

"They started in Portland and we don't have any customers in Portland, but it moved down to Roseburg then two days later to Medford. We have some tools at our disposal to track what's going on.

"Early on, we were seeing activity at convenience stores and gas stations and buying gift cards," Erb said. "We were able to reduce the limits on those transactions. If our customers were doing legitimate business they could make their transactions. But we were able to shut down the fraudsters within two hours."

Police reports from the Willamette Valley indicate accounts were typically hit for $300 to $800. Banks and credit unions moved quickly to restore money to make their customer accounts whole. Several indicated they hope to get an eventual settlement from Michaels.

Reach reporter Greg Stiles at 541-776-4463 or email business@mailtribune.com.