Skip to main content
close search
site logo
Dive Brief

Kmart hit by another malware attack

Published June 1, 2017
By
Contributor
Kmart

Dive Brief:

  • Kmart appears to be dealing with a malware-based security breach of the payment card processing systems in some of its stores, according to KrebsonSecurity, which reported that it was told by some banks that they had received alerts from credit card companies warning them about stolen cards that had previously been used at Kmart locations.

  • Kmart parent Sears Holdings admitted to Krebs in a statement that it was the “victim of a security incident,” and that it believes some credit card numbers were compromised, but added, “Based on the forensic investigation, NO PERSONAL identifying information (including names, addresses, social security numbers and email addresses) was obtained by those criminally responsible.”

  • The retailer said the malicious code used in this incident “was undetectable by current anti-virus systems and application controls.” Krebs noted that Kmart was affected by a similar security breach back in October 2014.

Dive Insight:

There are a lot of unknowns about this incident — how many Kmart stores were affected, how long the attack lasted (some malware attacks have gone on for months undetected) and to what extent credit card numbers were compromised.

This is yet another example of a security attack that was not intentionally made public by the retailer that was affected, and another case in which the retailer still isn't saying much even now that it has been made public. There have been several security attacks on retailers within the last couple years that were made public only by KrebsonSecurity's reporting.

Retailers in many cases have moved to reassure customers once the attacks were made public, and that's what Kmart is doing in this case, though it would be helpful to know why it believes no personal identifying details of customers were compromised. In response to the attack, the company said it is updating its security protections, though the admission that its previous security systems failed to detect the malicious code is not very reassuring, as that is exactly what Kmart said when it suffered a similar malware attack back in late 2014.

There is a sense with ongoing attacks that regardless of how retail industry responds or what it does, it remains one step behind the criminals. News of this attack comes just a couple of weeks after a malware attack on the store payment systems of Brook Brothers.

The hits keep coming, and while it doesn't appear that customers are walking away from victimized retailer en masse, although there may be a turning point at which that happens. A KPMG study last year said almost 20% of consumers would stop shopping at a retailer affected by an attack, but that left a lot who still would shop at that retailer. For retailers, cybersecurity risks are higher than ever, and if customers want real change in how companies handle these types of attacks they may need to start voting with their wallets.

Recommended Reading

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
Guinness is the top beer among high earners: YouGov report
From YouGov America
November 19, 2024
New Interface Report Reveals Top Security Risks for U.S. Retail Chains
From Interface Systems
November 19, 2024
SRS Real Estate Partners Adds Commercial Real Estate Veteran Chris Stewart to Bolster Owner Se…
From SRS Real Estate Partners
November 14, 2024
Argon & Co Welcomes New Senior Executive to Lead North American Retail Practice
From Argon & Co
November 13, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell