Sears Denies BreachRetailer Says Systems Show No Evidence of Compromise
On Feb. 28, Bloomberg News and others reported that a possible breach at Sears Holding Corp. was being investigated by the Secret Service. Sears, which also owns Kmart, mygofer, Shop Your Way and Land's End, says it has not confirmed a breach.
In a statement e-mailed to Information Security Media Group, Sears says it is reviewing its systems and has found nothing to date to indicate its network has been attacked.
"There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach," the statement reads.
But other industry sources tell Information Security Media Group that some card issuers are suspecting a breach of credit and debit cards that have been used at the Hoffman Estates, Ill.-based retailer. It's also not clear if there is any connection to be made between some of this new activity and the breach at Target Corp., which ultimately is believed to have compromised some 40 million U.S. payment cards, the executive adds.
"There is so much overlap in the population with other breaches that it's difficult to know at this early date which one is causative," the executive says. It's also too early to know whether card transactions conducted with other brands owned by Sears also were impacted, the executive says.
Financial fraud expert and Gartner Research analyst Avivah Litan says Sears is one of the two retailers rumored earlier this week during RSA Conference 2014 to have been breached. "But it was just speculation among industry players," Litan says. "I didn't hear anything about any fraud that happened because of it."
Rumors of Others Attacked
On Feb. 27, Litan said she was hearing rumors that two additional retailers, one in Europe and one in the U.S., had been breached.
Later that day, Verizon Communications Inc. confirmed it was reviewing two apparent retail breaches that may be linked to recent high-profile incidents, including the Target attack. Bryan Sartin of Verizon's Enterprise Solutions unit reportedly told the Wall Street Journal he couldn't disclose who the two retailers are.