An unknown number of Kmart stores have been targeted by hackers, leading to stolen credit card numbers and unauthorized activity on customers’ credit cards, Sears Holdings Corp. said late Wednesday. Kmart’s store payment systems were infected with a virus-like computer code undetectable by current anti-virus systems. No personal information, such as names, addresses, social security numbers and email addresses, was pilfered, the company said. Sears Holdings also said that it has removed the hackers’ code and is confident Kmart shoppers can safely use their credit cards in stores. Kmart suffered a very similar data breach in October 2014.
Total Retail’s Take: Data security should be of the utmost importance to retailers. Consumers trust companies to keep their personal information safe, and when that trust is broken, it can be difficult to repair. There are other concerns for retailers when consumer data is stolen.
“Data may not be used right away, but down the road it can be matched with data from other breaches to build a more complete user profile,” Robert Capps, authorization strategist and vice president of NuData Security said. “Criminals could then use this information or sell it on the dark web for use in more targeted, large-scale spear phishing or identity theft attacks. Adding the layer of behavioral and passive biometrics will make this data much less useful. This breach is a perfect example of why the data being stolen needs to be devalued — if it can’t be used, it won’t be stolen in the first place.”