Sears reported in an SEC filing on Thursday that it’s IT team detected a security breach on the Kmart payment data system. A leading IT security firm was immediately obtained to launch a fully investigation into the event.
Just this year banking giant JP Morgan and other retailers such as Target, Neiman Marcus and Home Depot have all had issues with cybersecurity attacks or malware. Andrew Avanessian, EVP of Avecto Consultancy & Technology Services revealed in an interview with the WHIR that the majority of cybersecurity attacks and malware downloads can be avoided with simple security measures.
According to the Sears SEC document, the breach began in early September with malware that was undetectable by the Kmart anti-virus system. Although no personal information such as debit card pin numbers, email addresses or social security numbers were compromised, Kmart does believe that a number of credit and debit card numbers may have been exposed. There is no evidence that Kmart.com custmers were affected.
Kmart is working with banks, federal law enforcement and it’s IT security firms on the investigation and are installing new software for protection.
“The privacy and security of our customers’ information is of utmost importance to us, and we are committed to doing everything we can to safeguard our customers’ information in the face of a recent surge of data attacks,” said Kmart president Alasdair James in a statement on Friday. “To further protect our members and customers who shopped with a credit or debit card in our Kmart stores during the month of September through yesterday (Oct. 9, 2014), Kmart will be offering free credit monitoring protection.”
Dairy Queen also confirmed in a statement on Thursday that 395 DQ stores along with one Orange Julius had systems infected with Backoff malware. Most DQ and Orange Julius locations are independently owned and operated requiring DQ international to work with franchise owners to determine the scope of the attack. Compromised third-party vendor’s account credentials were used to access the network.
Customer information affected includes card numbers, names and expiration dates. DQ is also offering free identity repair services to it’s customers.
Backoff malware is recognized as far back as October 2013, according to the US Computer Emergency Readiness Team. The malware works by logging keystrokes, scraping memory for data, injecting malicious stub into explorer.exe and command and control communication.