Kmart Confirms Data Breach Resulted in Theft of Customer Payment Information

Media Division | June 1, 2017

Cyber attacks and data breaches could be considered to be one of the largest threats to organizations in our modern times. We now hold extremely massive amounts of digital data and assets, and it can all be at risk when it is not properly protected. A single data breach or attack can result in catastrophic consequences for any business.  For instance, Target is now having to pay out huge settlements as a result of their customer payment data breach back in 2013. And in essentially the same type of attack, Kmart has now suffered a breach of their customer payment information.

An Undetected Threat

Sears Holding, which is the parent company of Kmart had said on Wednesday that the retailer had suffered a breach resulting in customer payment data being stolen by hackers. They did not specifically name the stores that were affected by the breach, but they did say that online purchases were not affected. A spokesman for Sears Holding had said that the payment systems had been compromised by malicious code that was unable to be detected by their application controls and anti-virus software. Once discovering the malware, they quickly removed it and said that cards are now safe to use in stores. One of the saving graces that stopped the attack from having been even worse was apparently the fact that Kmart had adapted their systems to be EMV compliant.  Sears said in a statement, “Based on the forensic investigation, NO PERSONAL identifying information (including names, addresses, social security numbers, and email addresses) was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. Nevertheless, in light of our EMV compliant point of sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited.” Overall, these chips protect payment data much more than traditional magnetic strips, and yet many organizations have not adapted the technology.

Kmart is currently working with private security organizations and federal investigators to address the incident. They have also said that they are working to fortify their security in response to this new malware. While this is a smart move, it is definitely a large point of hindsight on Kmart’s part. Security should be constantly maintained and upgraded to keep up with the modern threats being developed. The fact that their systems were completely unable to detect the malware shows that they had lacking security to some degree. A company that properly integrates comprehensive security and intelligence software/services are generally able to stay much more ahead of threats such as this.

The Importance of Comprehensive Cyber Security Intelligence

Hackers have continued to create much more advanced threats that are adept at bypassing traditional cyber security measures, as is proven in the above. There are numerous security tools that can help to prevent incidents like this, but one of the most valuable is cyber security intelligence. Properly sourced and implemented intelligence allows an organization to predict and mitigate threats before they even have a chance to attack. Proactive security such as this is necessary for today’s threat landscape, as purely defensive measures fall short of defending against all threats. Of course, basic defensive implements are still vital, but the point is that they no longer do the job by themselves. Massive Alliance offers cyber security intelligence sourced from all corners of the web that can help defend an organization from even the most malicious threats.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.