Sears Holdings Corp (SHLD.O) confirmed that it was the victim of a major cyber attack which caused the theft of customer payment card data at its Kmart stores. The incident is the last one in order of times suffered by US companies, the retail industry has been brought to its knees by the attacks in recent months have caused the theft of data from hundreds of millions of unsuspecting users.
According to the filing, the data breach was discovered by the security team of Kmart on October 9th, and has likely been going on since early September.
Recently the restaurant chain Dairy Queen admitted that it may have compromised payment card information of customers across 46 U.S. states, the hackers were able to access payment card numbers, expiration dates and customer names, the company said in a statement. Other clamorous attacks hit the companies Home Depot Inc, Michaels Stores Inc and Neiman Marcus.
Also in this case the attackers compromised the systems at 1,200 Kmart stores across the United States, but according first information the data breach did not affect the Sears department store chain.
In time I’m writing it is not clear the exact number of customers impacted, a Sears spokesman anyway confirmed that credit and debit card numbers had been stolen by cyber criminals. The spokesman added that the personal information, debit card PIN numbers, email addresses and Social Security numbers of Kmart customers remained safe.
“This is going to continue indefinitely until people change their practices,” said Shawn Henry, president of cyber forensics firm CrowdStrike Services.
Security experts and investigators believe that big merchant does not have adequate systems for detecting cyber threats and the cybercrime is aware of this, the majority of companies lack of early warning of suspicious activities.
Retailers have underestimated security issues, many companies haven’t invested enough in cyber security with serious consequences.
The threat actors used a malware that was undetectable by anti-virus software, company spokesman Chris Brathwaite revealed that Sears had been upgrading its systems even before the recent incidents.
“Our IT team was able to quickly remove the malware and we are deploying further advanced software to protect our customers’ information,” Brathwaite said.
As usual these incidents must be analyzed considering the economic context of the victims, Kmart like many other chains is faced with crisis and the implementation of proper security defense request further investments.
“The breach comes as Sears is struggling to revive itself under Chief Executive Eddie Lampert, who has been closing stores and slashing costs to try to return to profitability. Critics say Lampert has been investing too little in the Sears and Kmart stores, contributing to nine straight quarterly losses.” states a blog post published by the Reuters Agency.
Mart apologized to its customers last week confirming that it is supporting an investigation of law enforcement, United States Secret Service and banking institutions.
(Security Affairs – data breach, Kmart)