Sears May be Next Major Retailer to be Breached

Sears is investigating warnings, but has not yet found signs of a breach

The Secret Service is investigating a possible security breach at Sears Holding Corp., which may be one of two major retailers rumored to have been breached in ways similar to December 2013 attacks on Target Corp. and Neiman-Marcus Group.

Verizon Communications, Inc. reported two possible breaches of major retailers, according to a Feb. 26 Wall Street Journal story.

Though Verizon didn’t name the retailers or provide any details, its lead investigator hinted that the same attackers, malware or techniques may be involved in at least two more large-scale attacks. “I’d say the earmarks of these situations look very, very similar,” according to Bryan Sartin, Verizon’s director of Research, Investigations, Solutions, Knowledge Team [security and intrusion detection], as quoted in the WSJ story. “At this point I’d be surprised if they were different.”

A source within the U.S. Secret Service confirmed it is investigating a possible attack on Sears, according to a Feb. 29 Bloomberg News story.

Sears confirmed that it is investigating whether it has been breached, but has found no indication yet that it had even been attacked. “There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach. We have found no information based on our review of our systems to date indicating a breach,” according to a terse statement posted on Sears’ web site Feb. 28.

The Secret Service continues to investigate the Target breach, the shakeout of which has yet to be completed.

The hackers who attacked Target have offered, on the black market, only a fraction of the 40 million payment card numbers stolen during a three-week-long, malware-driven hack into Target’s point-of-sale systems in December, according to InformationWeek.

Too many stolen numbers would flood the market and tank the price, so hackers are dribbling out numbers a few at a time, according to Dan Ingevaldson, CTO of fraud-protection vendor Easy Solutions, who was quoted in the InformationWeek story.

“The Target breach is going to be happening for at least the next year, until the cards age out,” Ingevaldson said.

Sears has about 2,500 retail stores in the United States, compared to about 1,800 for Target.

Image: Hattanas Kumchai