It seems as though cyber criminals have made a pledge to target famous retail chains in the US.
Sears-owned Kmart is the latest victim. The wholly owned subsidiary of Sears Holdings Corp. announced on October 9 that its payment data systems had been breached.
The US Secret Service is investigating the breach, which initially occurred in September and compromised Kmart payment systems. The retailer has 1,200 stores across the US.
A spokesman for Sears stated he could not give the number of breached credit and debit cards. However, he said that debit card PIN numbers, email addresses, Social Security numbers and personal information of its customers remained safe.
According to security experts working on the case, the payment systems in Kmart stores were infected with malware that went undetected by the anti-virus programs in place, which shows the challenge of keeping up with the evolving methods used by hackers.
Chris Brathwaite, company spokesman, stated Sears was upgrading its systems even before the hackers started targeting retailers.
“Our IT team was able to quickly remove the malware and we are deploying further advanced software to protect our customers’ information,” said Brathwaite.
The disclosure comes after Dairy Queen confirmed a breach last week. Systems at 395 of its US stores, out of a total of 4,500, and at one Orange Julius location were infected with the same ‘Backoff’ malware that has haunted other retailers nationwide and targeted the payment information of victims.
These kinds of breaches will continue to occur as long as retailers keep giving a wide berth to advanced security and actionable intelligence when it comes to securing payment systems and networks in stores. The breaches at Dairy Queen, Target, Home Depot and now Kmart did not happen because a disciplined approach to security was lacking, but because the right security implementations were not in place.
Alasdair James, Kmart’s President, apologized “for any inconvenience this may cause our members and customers.” Like other retailers suffering data breaches affecting payment systems, Kmart is assuring everyone that “privacy and security of our customers’ information is of utmost importance,” and is offering free credit monitoring to anyone who shopped at its stores last month. The company added that customers won’t be liable for unauthorized charges if they report them quickly.
“If customers see any sign of suspicious activity, they should immediately contact their card issuer. More guidance is also available on our website, kmart.com, and customers can contact our customer care center at 888-488-5978.”
Sears further stated it has no indication that any Sears, Roebuck customers were affected, and that the breach affected payment data systems at Kmart locations only.
How can retailers spruce up security against data breaches?
Kmart’s breach is being investigated, and perhaps it will push retailers, banks, and credit card service providers to improve security by encouraging the adoption of microchips in US debit and credit cards. Advocates argue that chip cards are safer: magnetic stripe cards transfer the credit card number when swiped at a point-of-purchase or point-of-sale terminal, whereas chip cards work using a one-time code that moves between the retailer’s payment register and the chip.
Kmart and all other retailers who have been attacked so far need to address these incidents in an effective manner. Apart from adopting chip cards, they can use solutions that provide a risk assessment built from material extracted from the deepest corners of the web, NAS drives, unsecured cloud locations, I2P, IRC and Tor chatrooms, and other locations. This kind of threat assessment shows a retailer’s current exposure level, as well as historical and present threats, and helps to prevent and mitigate data breach attacks.