Add Sears Holdings Corp. to the list of companies that have had to notify customers about a data breach.
Sears said it was notified by 7.ai, a company that provides online support services to both Sears and Kmart, of a security incident last fall. Sears said, “We believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information.”
The retailer also said that it was notified in mid March of the incident, after which it contacted credit card companies to prevent potential fraud. Sears said it launched a thorough investigation with federal law enforcement authorities, its banking partners and IT security firms. That probe led Sears to conclude that credit card information for some customers who transacted online between Sept. 27, 2017 and Oct. 12, 2017 may have been compromised. Anyone using a Sears-branded credit card is not impacted by the security incident. Also Sears emphasized that there is “no evidence” that its stores were compromised or that any internal Sears systems were accessed by those responsible.
Sears said its top priority is to determine which customers might have been impacted and to notify and assist them in “any way possible.” The company said it would post updates on its web site. It added that most credit card companies have a policy where customers have no liability for any unauthorized charges if they report them in a timely manner.
The online support service firm said in a statement, “7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified….We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”
The disclosure follows that of Hudson’s Bay Co., which said on Sunday that some of its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America were hit with a “security issue involving customer payment card data.” Hudson’s Bay said it has taken steps to contain the matter. The company also said online transactions did not appear to have been impacted by the security issue.
Last week, Under Armour Inc. said it too had a security issue involving the data compromise of as many as 150 million people last month via an “unauthorized party” accessing information from its MyFitnessPal app.
Retailers in the past few years that have had to deal with data security issues include Target Corp., The TJX Cos. Inc. and Neiman Marcus.