Advertisement
10/13/2014

Kmart Becomes Latest Data Breach Victim

All aboard the Data Breach Express, next stop – drumroll please – Kmart!
 
All kidding aside, Sears Holdings Corporation has announced a data breach at its Kmart stores that began in early September. The company has said that Kmart's information technology team identified a breach last Thursday, and that it immediately launched a full investigation, working hand-in-hand with a security firm.
 
The retailer has since removed the malware, but it is believed a number of debit and credit card numbers have been compromised – the specific number has not yet been released. At this time no personal information, debit PIN numbers, email addresses or social security numbers however had been gleaned during the episode. There is no evidence at this time that online customers at kmart.com have been affected.
 
"Our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems," the company released in a statement.
 
The company added that it had "deployed advanced software to protect our customers' information" and that the store would offer free credit card monitoring to customers who had shopped at the retailer September through Thursday.
 
Kmart is latest in a string of cyberattacks dating back to fall of 2013, becoming an expectation rather than an exception. Retailers hit include Home Depot, Target, SuperValu and Neiman Marcus, pressuring retailers to reinforce their database and credit card processing security. Nationwide concerns about cyber intrusions have escalated after JPMorgan Chase shared that an attack by hackers exposed contact information of 76 million households and 7 million small businesses.
 
However, the majority of retailers are facing the facts: it's not a question of if you'll get hit, but when. A conversation with several retail CIOs shed some light on the topic – the truth is, retailers are unaware of exactly who is on their network, everyone is being breached they just don't know it until something this severe hits.  
 
So, retailers big and small, public and private, must strengthen their security and begin to close off any opportunities for malware to penetrate. It won't be the scale of the data breach, but how the retailer responds and contains the damage that will be make it or break it.