Another Brand, Another Breach

In what is beginning to appear as a weekly occurrence, another major retailer has announced they have been a victim of a data breach. Late last week, Sears-owned discount department store Kmart, quietly announced via a Securities and Exchange Commission filing that the brand had suffered a breach through its point of sale (PoS) systems which were ultimately comprised by malicious software.

To address the issue, Kmart has now released a press release on the attack:

Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.

The company is working with an IT security firm to try and get to the bottom of the breach.

In the past year alone, retail-targeted data breaches are comprised of some of the most globally recognizable brands —from Target to Home Depot and Neiman Marcus to Dairy Queen. As this list of breached brands continues to grow, the question starts to shift from “Why is this happening?” to “What can we do to fight back?”

Big name brands need to wake up and smell the coffee—if you’re in the retail space you are now at a significant risk of being breached. To combat this risk, you need to be working with a security professional and investing in the right security technology BEFORE a breach occurs.

While this particular case was due to the injection of malware into Kmart’s software, the threat of unencrypted data is another major loophole that has been leaving retail brands increasingly vulnerable to an attack. While protecting the endpoint device is crucial in a sophisticated security strategy, encrypting data on that device and effectively managing and protecting your keys to ensure that your information is secure, is just as important. That way, if a server or PC is infected by malware your brand still has the ability to manage those encryption keys and keep the residing information safe from unwanted eyes.

By partnering with a security vendor before any damage has been done, brand can once again go back to focusing on what’s really important—keeping your customers happy.

Downloads:

Whitepaper: Benefits of Pre Boot Network Authentication Technology
Whitepaper: Five Pillars of Transparent Data Security
Ponemon Study: Total Cost of Ownership for Full Disk Encryption

Previous Post
How Secure is Your Website?
Next Post
SecTor 2014 – What We Learned

Related Posts

Protect and Partner Up

There have been many high profile breaches in 2014: Home Depot, Target, and the most recent, Sony Pictures Entertainment. These breaches clearly illustrate that there is much work to be done across all business sizes. (more…)
Read more

Data Breach Law

A new American law that would create a protocol of how a data breach is handled may be soon in play.. President Barrack Obama called for a federal legislation on Monday, January 12th that would standardize how a data breach…
Read more

SecTor 2014 – What We Learned

Last week, thousands of IT security professionals gathered in Toronto for the annual SecTor Security Conference to share compelling research and new techniques. From malware attacks to unencrypted stolen devices, data theft is rampant in the enterprise, and security solutions…
Read more
When virtual environments get too heavy

When Virtual Environments Get Too Heavy

As an encryption security vendor that is working its way into Mobile Device Management (MDM), I’m fascinated and constantly looking at new ways to secure mobile devices and company information. As someone with a background in virtualized environments, I’m even…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu