In what is beginning to appear as a weekly occurrence, another major retailer has announced they have been a victim of a data breach. Late last week, Sears-owned discount department store Kmart, quietly announced via a Securities and Exchange Commission filing that the brand had suffered a breach through its point of sale (PoS) systems which were ultimately comprised by malicious software.
To address the issue, Kmart has now released a press release on the attack:
Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.
The company is working with an IT security firm to try and get to the bottom of the breach.
In the past year alone, retail-targeted data breaches are comprised of some of the most globally recognizable brands —from Target to Home Depot and Neiman Marcus to Dairy Queen. As this list of breached brands continues to grow, the question starts to shift from “Why is this happening?” to “What can we do to fight back?”
Big name brands need to wake up and smell the coffee—if you’re in the retail space you are now at a significant risk of being breached. To combat this risk, you need to be working with a security professional and investing in the right security technology BEFORE a breach occurs.
While this particular case was due to the injection of malware into Kmart’s software, the threat of unencrypted data is another major loophole that has been leaving retail brands increasingly vulnerable to an attack. While protecting the endpoint device is crucial in a sophisticated security strategy, encrypting data on that device and effectively managing and protecting your keys to ensure that your information is secure, is just as important. That way, if a server or PC is infected by malware your brand still has the ability to manage those encryption keys and keep the residing information safe from unwanted eyes.
By partnering with a security vendor before any damage has been done, brand can once again go back to focusing on what’s really important—keeping your customers happy.