Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Sears says Kmart stores hit by data breach

Published 11/10/2014, 01:22
© Reuters Customers walk into a Sears store at Fair Oaks Mall in Fairfax

By Jim Finkle and Nathan Layne

(Reuters) - Sears Holdings Corp SHLD.O said it was the victim of a cyber attack that likely resulted in the theft of some customer payment cards at its Kmart stores, the latest in a series of computer security breaches to hit U.S. companies and dealing a fresh blow to the struggling U.S. retailer.

The U.S. Secret Service confirmed it was investigating the breach, which occurred in September and compromised the systems of Kmart, which has about 1,200 stores across the United States. The breach did not affect the Sears department store chain.

A Sears spokesman said he could not say how many credit and debit card numbers had been taken. He added that the personal information, debit card PIN numbers, email addresses and Social Security numbers of its customers remained safe.

Security professionals said they were not surprised to learn that yet another major retailer was reporting a breach, adding they believe many big merchants do not have adequate systems for detecting cyber attacks, which means they still remain easy prey for hackers.

"This is going to continue indefinitely until people change their practices," said Shawn Henry, a former senior cyber cop with the FBI who is now of the president of cyber forensics firm CrowdStrike Services.

He said that hackers are able to get into networks because they are "so broad and vast" that attackers will always find a way in. Retailers need to do a better job of quickly detecting them before they begin to steal data, he said.

Sears said that the attackers used malicious software that was undetectable using anti-virus software, highlighting the challenge of keeping up with the evolving techniques of computer hackers. Company spokesman Chris Brathwaite said Sears had been upgrading its systems even before the recent spate of incidents involving retailers, which included a massive breach of the systems of Target Corp TGT.N in late 2013.

"Our IT team was able to quickly remove the malware and we are deploying further advanced software to protect our customers' information," Brathwaite said.

Security experts say retailers have traditionally not invested enough in security, partly because of the industry's relatively thin profit margins.

The breach comes as Sears is struggling to revive itself under Chief Executive Eddie Lampert, who has been closing stores and slashing costs to try to return to profitability. Critics say Lampert has been investing too little in the Sears and Kmart stores, contributing to nine straight quarterly losses.

Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro, said that retailers need to be prepared to deal with malicious software crafted specifically for the purposes of burglarising retailers.

"It is debatable whether they had sufficient security in place to thwart these thieves. The real question that needs to be asked is why haven't they learned the lessons from the attacks on Target and others."

Kmart apologised to its customers on Friday and said it was working with federal authorities, banking partners and security firms in the probe.

© Reuters. Customers walk into a Sears store at Fair Oaks Mall in Fairfax

On Thursday, restaurant chain Dairy Queen, owned by Berkshire Hathaway Inc BRKa.N, confirmed that it may have compromised payment card information of customers across 46 U.S. states. Other widespread breaches include those of Home Depot Inc HD.N, Michaels Stores Inc and Neiman Marcus.

(Reporting by Yashaswini Swamynathan and Natalie Grover In Bangalore; Editing by Maju Samuel and Lisa Shumaker)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.