This week Sears revealed in a filing with the Securities and Exchange Commission that a security breach that occurred in September most likely caused customer payment card information to be compromised or stolen from the company's Kmart stores. Sears' IT team informed the retailer of the breach on Oct. 9, and an investigation of the intrusion is currently underway.
The malware has since been removed from the point-of-sale systems in Kmart's 1,200 U.S. stores, but the company still "believes certain debit and credit card numbers have been compromised," SC Magazine reported. The SEC filing noted that Kmart's data systems were infected with a type of malicious software that the company's anti-virus systems could not detect. The details of the attack – infecting POS systems, remaining undetected by anti-malware programs – suggest Kmart was hit by the same Backoff malware that was responsible for multiple other retail breaches this year, including the recent attack on Dairy Queen.
The malware enabled cybercriminals to steal the type of information necessary to make counterfeit copies of the exposed cards; however, no fraudulent activity has been detected yet. While Sears believes payment card numbers were exposed, it maintains that personal information such as Social Security numbers, email addresses and PINs was not compromised. The specific number of affected stores has yet to be released, but many experts believe that customers who shopped at any of Kmart's locations may be at risk, Threatpost reported. So far there has been no indication that customers shopping at Sears stores were similarly compromised.
Why do breaches continue despite use of security methods?
In an interview with SC Magazine, Bay Dynamics vice president of strategy Eric Ouellet noted that the increase in retail data breaches is not due to a lack of enterprise security measures.
"The reality is that, as long as organizations continue to look at IT security with an individual security solution silo view, data breaches like Kmart and Dairy Queen will continue to occur," Ouellet said in an email. "In fact, when you look at large organizations like Kmart, Dairy Queen, Home Depot and Target, the breaches did not occur due to a lack of security tools investment, or certification or lack of a disciplined security program approach."
Ouellet went on to say that the IT departments at most companies become overwhelmed with the large volumes of threat data generated by their security solutions, and they aren't able to gain actionable insights from it.
To keep enterprise IT teams from feeling like they are buried under a mountain of data, consider implementing a security information and event management service. SIEM solutions provide around-the-clock monitoring of corporate networks and take care of analyzing the vast amounts of threat information so IT professionals can work on more business-critical projects. Networks are monitored for any anomalous or suspicious behavior, and any security events are analyzed to provide organizations with actionable information that helps to create a more efficient defense strategy.