Sears says Kmart stores hit by data breach
By Jim Finkle and Nathan Layne
(Reuters) - Sears Holdings Corp (SHLD.O: Quote) said it was the victim of a cyberattack that likely resulted in the theft of some customer payment cards at its Kmart stores, the latest in a series of computer security breaches to hit U.S. companies and dealing a fresh blow to the struggling U.S. retailer.
The U.S. Secret Service confirmed it was investigating the breach, which occurred in September and compromised the systems of Kmart, which has about 1,200 stores across the United States. The breach did not affect the Sears department store chain.
A Sears spokesman said he could not say how many credit and debit card numbers had been taken. He added that the personal information, debit card PIN numbers, email addresses and Social Security numbers of its customers remained safe.
Security professionals said they were not surprised to learn that yet another major retailer was reporting a breach, adding they believe many big merchants do not have adequate systems for detecting cyberattacks, which means they still remain easy prey for hackers.
“This is going to continue indefinitely until people change their practices,” said Shawn Henry, a former senior cyber cop with the FBI who is now of the president of cyber forensics firm CrowdStrike Services.
He said that hackers are able to get into networks because they are “so broad and vast” that attackers will always find a way in. Retailers need to do a better job of quickly detecting them before they begin to steal data, he said.
Sears said that the attackers used malicious software that was undetectible using anti-virus software, highlighting the challenge of keeping up with the evolving techniques of computer hackers. Company spokesman Chris Brathwaite said Sears had been upgrading its systems even before the recent spate of incidents involving retailers, which included a massive breach of the systems of Target Corp (TGT.N: Quote) in late 2013.
"Our IT team was able to quickly remove the malware and we are deploying further advanced software to protect our customers' information," Brathwaite said. Continued...