Following a string of publicized data breaches among well-known retailers including Target and Neiman Marcus, Sears Holdings Corp. announced on Friday that it is investigating a possible security breach at its own stores.
Sears said that it is currently working with the U.S. Secret Service and Verizon Communication, Inc.’s digital forensics unit to determine whether the department store may have also been the victim of a breach that could potentially affect millions.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears’ company spokesman Howard Riefs told Bloomberg. While Riefs said that investigators have “found no information based on our review of our systems indicating a breach,” Sears is continuing to sift through its company data to find traces of hackers.
The effects of a breach at Sears could differ greatly depending upon whether a few of the stores’ systems were hacked or the company’s entire point-of-sale system was attacked, a consultant for major credit card issuers told Bloomberg; however, both types of attacks have been shown to cause resounding effects in recent months. In December 2013, Target announced that it was the victim of a data breach that allowed thieves to potentially gain access to 70 million shoppers’ payment cards used in stores across the country. According to the company, criminals infiltrated the retailers’ systems with malicious software, also known as malware, which is intended to collect credit or debit card information from shoppers when they swipe their cards for payment.
Then, in January 2014, Neiman Marcus confirmed that it had also been the victim of an attack that potentially put 1.1 million customers at risk for fraudulent charges on their cards. Although the malware in Neiman Marcus’ systems was not active in all locations or on all registers at affected stores, major credit card companies have reported that 9,200 payment cards have been fraudulently used following the breach. While the malware present in both the breaches appear similar, investigators have not confirmed whether the same group was behind both attacks, The New York Times reported.