This post is also available in: heעברית (Hebrew)


Sears (NASDAQ: SHLD) announced last Friday (Oct 10) some of K-Mart’s outlets (out of at least 1,200 in the US alone), which is a subsidiary of Sears, “were victims of a cyberattack.”

K-Mart’s payments system was breach as early as September, according to Reuters. There are concerns the credit card data (K-Mart-issued debit cards, payment and credit cards) as well as other credit card data had been stolen.

The discovery of the malware (malicious software) is credited to K-Mart’s IT-team, which also installed a patch, a software that enabled solving the hack and removing the malware, whose origin is still unknown. K-Mart’s IT received assistance from a data security company, and they continue to work closely with the banks and the financial system, as well as with federal law enforcement agencies, in order to trace the source of the attack.

Sears’ shares dropped nearly 6% at the opening of trade when news of the cyberattack and the breach spread, along with knowledge they could cause a great deal of damage in their wake. The news comes only a few days after major Sears suppliers announced they were holding shipments of goods due to concerns over Sears’ financial liquidity.

Sears’ reassuring announcement, the inconvenient circumstances of the cyberattack and a short explanation of payment systems – the Technology Desk is setting the record straight:

iHLS Israel Homeland Security

The recent cyberattack on K-Mart is part of a series of hacker attacks on American retail chains, the most memorable of which have been on Target and Home Depot, to name but a few. The reason for this flurry of current attacks stems from a high shortage of data security means as well as relevant and skilled personnel – primarily resulting from these companies’ very low profit margins. Sadly, it seems reality is much more painful and no less grave.

The working assumption must be that the vast majority of commercial companies above a certain commerical volume (let alone public, financial, government, military, academic and critical infrastructures) are constantly under some sort of cyberattack motivated by various reasons (economic, security, political and even personal) in the framework of various circumstances (shortage of skilled personnel, luring hacks, shortage of security means) to varying degrees.

Given the clear vulnerability of computerized arrays which serve critical infrastructure (electricity, water, nuclear, transportation and so on), a cyberattack on a department store, a clothing retailer or a D.I.Y chain store across the US seems trivial and hardly “sexy”.

Nevertheless, this is a fundamental error to underestimate the gravity of this attack. Companies would do well to uproot this attitude, and should allocate huge sums to deal with it, foster awareness towards this threat and educate their staff accordingly. K-Mart’s payment system hold the details of each and every customer’s credit card details (this easily applies to most Americans), complete with their addresses, emails, phone numbers, PIN code, signature verification and examples of their signature – and this is only the clientele-aspect.

Click here for part 2