Sears Hit by Customer Data Breach

By Melissa Campanelli

Sears Holdings Corp. said on Wednesday some of its customer payment information may have been exposed in a cybersecurity data breach at software service provider [24]7.ai, which provides online support services for Sears. In a statement on its blog, Sears said it was notified of the incident in mid-March, and the incident led to unauthorized access to the credit card information of under 100,000 of its customers. “We believe the credit card information for certain customers who transacted online between Sept. 27, 2017 and Oct. 12, 2017 may have been compromised,” Sears said. “Customers using a Sears-branded credit card were not impacted. In addition, there's no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that its systems are now secure." Sears noted that security "is of critical importance to our company, and we take any matter related to customers’ personal information very seriously. Our top priority at this point is to quickly identify the impacted customers, notify and assist them in every way possible. It's important to note that the policies of most credit card companies state that customers have no liability for any unauthorized charges if they report them in a timely manner."

Total Retail's Take: Suddenly data breaches are becoming a "thing" again for retailers. Sears is the latest retailer to disclose a breach. Panera Bread announced that it left the data of millions of customers online for eight months or more before removing it from its website, as reported by KrebsOnSecurity. According to KrebsOnSecurity, the data, which included names, email and physical addresses, birthdays, loyalty card numbers, and the last four digits of credit card numbers, was visible in plain text on Panera's website for anyone that was signing up to place online food orders. Also, this week we reported that hackers stole information from more than 5 million credit and debit cards used at select Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. Lastly, in late March, Under Armour admitted that about 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year. Why the surge in data breaches? No one knows for sure, but what is clear is that companies have to start doing a better job of keeping their customer data secure.

1 Comment

View Comments

Melissa Campanelli Author's page Melissa Campanelli is Editor-in-Chief of Total Retail. She is an industry veteran, having covered all aspects of retail, tech, digital, e-commerce, and marketing over the past 20 years. Melissa is also the co-founder of the Women in Retail Leadership Circle.