NEW YORK — Sears Holdings Corp. became the latest retailer targeted by cybercriminals when it disclosed October 10 that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customers’ credit and debit card accounts.
The security breach is believed to have started in early September and was discovered October 9, Sears said in a filing with the Securities and Exchange Commission. A preliminary investigation found no evidence that customers’ personal information, including Social Security numbers and e-mails, had been stolen, the Hoffman Estates, Ill.-based company said.
A wave of data thefts at such companies as Home Depot Inc., Supervalu Inc., Sally Beauty Holdings Inc., Michaels Cos. and Target Corp. has forced retailers to upgrade database and credit-card-processing security.
There have been 579 data breaches this year, a 27% increase over the same period last year, the Washington Post reported this month, citing data from the Identity Theft Research Center. Despite retailers’ efforts to tighten their defenses, the newspaper said, cybercriminals are almost always one step ahead.
Kmart, Home Depot and others reported that cybercriminals installed custom-built malware on their networks that went undetected by the retailers’ antivirus systems.
Home Depot sought to assure customers that the malware hackers used to steal an estimated 56 million debit and credit card numbers in the United States between April and early September was eliminated from its store networks, closing off the cyberthieves’ point of entry.
The Atlanta-based company also said it bolstered its network with new payment-security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.”
The cyberattack on Home Depot is the largest retail card breach on record. It might have been much bigger, given the five-month duration of the operation, according to security experts, who suspect that the malware installation was limited to Home Depot’s self-checkout terminals.