Comparison Overview

Michaels Stores

VS

Lowe's Companies, Inc.

Michaels Stores

3939 W John Carpenter Fwy, Irving, Texas, US, 75063
Last Update: 2026-04-01
View Profile
Between 750 and 799
http://www.michaels.com/

At The Michaels Companies Inc., our purpose is to fuel the joy of creativity and celebration. As the leading destination for creating and celebrating in North America, we operate over 1,300 stores in 49 states and Canada and online at Michaels.com and Michaels.ca. The Michaels Companies, Inc. also owns Artistree, a manufacturer of custom and specialty framing merchandise, and MakerPlace by Michaels, a dedicated handmade goods marketplace. Founded in 1973 and headquartered in Irving, Texas, Michaels is the best place for all things creative. For more information, please visit www.michaels.com.

NAICS: 43
NAICS Definition: Retail Trade
Employees: 18,104
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
1
View Profile

Lowe's Companies, Inc.

1000 Lowes Blvd, Mooresville, 28117, US
Last Update: 2026-04-01
Between 800 and 849
https://talent.lowes.com

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States. Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

NAICS: 43
NAICS Definition: Retail Trade
Employees: 107,016
Subsidiaries: 0
12-month incidents
0
Known data breaches
2
Attack type number
1

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/michaels-stores-inc-.jpeg
Michaels Stores
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/lowe's-home-improvement.jpeg
Lowe's Companies, Inc.
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Michaels Stores
100%
Compliance Rate
0/4 Standards Verified
Lowe's Companies, Inc.
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Retail Industry Average (This Year)

No incidents recorded for Michaels Stores in 2026.

Incidents vs Retail Industry Average (This Year)

No incidents recorded for Lowe's Companies, Inc. in 2026.

Incident History — Michaels Stores (X = Date, Y = Severity)

Michaels Stores cyber incidents detection timeline including parent company and subsidiaries

Incident History — Lowe's Companies, Inc. (X = Date, Y = Severity)

Lowe's Companies, Inc. cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/michaels-stores-inc-.jpeg
Michaels Stores
Incidents

Date Detected: 5/2013
Type:Cyber Attack
Attack Vector: Malware
Blog: Blog
https://images.rankiteo.com/companyimages/lowe's-home-improvement.jpeg
Lowe's Companies, Inc.
Incidents

Date Detected: 9/2024
Type:Breach
Attack Vector: Unauthorized Access
Blog: Blog

Date Detected: 7/2013
Type:Breach
Attack Vector: Unauthorized Access
Blog: Blog

FAQ

Lowe's Companies, Inc. company demonstrates a stronger AI Cybersecurity Score compared to Michaels Stores company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Lowe's Companies, Inc. company has faced a higher number of disclosed cyber incidents historically compared to Michaels Stores company.

In the current year, Lowe's Companies, Inc. company and Michaels Stores company have not reported any cyber incidents.

Neither Lowe's Companies, Inc. company nor Michaels Stores company has reported experiencing a ransomware attack publicly.

Lowe's Companies, Inc. company has disclosed at least one data breach, while Michaels Stores company has not reported such incidents publicly.

Michaels Stores company has reported targeted cyberattacks, while Lowe's Companies, Inc. company has not reported such incidents publicly.

Neither Michaels Stores company nor Lowe's Companies, Inc. company has reported experiencing or disclosing vulnerabilities publicly.

Neither Michaels Stores nor Lowe's Companies, Inc. holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Michaels Stores company nor Lowe's Companies, Inc. company has publicly disclosed detailed information about the number of their subsidiaries.

Lowe's Companies, Inc. company employs more people globally than Michaels Stores company, reflecting its scale as a Retail.

Neither Michaels Stores nor Lowe's Companies, Inc. holds SOC 2 Type 1 certification.

Neither Michaels Stores nor Lowe's Companies, Inc. holds SOC 2 Type 2 certification.

Neither Michaels Stores nor Lowe's Companies, Inc. holds ISO 27001 certification.

Neither Michaels Stores nor Lowe's Companies, Inc. holds PCI DSS certification.

Neither Michaels Stores nor Lowe's Companies, Inc. holds HIPAA certification.

Neither Michaels Stores nor Lowe's Companies, Inc. holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Published
Date
2026-04-01
Updated
Date
2026-04-01
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References