Sears Identifies Data Breach

Sears Holdings has identified a data breach that impacted some Sears and Kmart customers last fall.

[24]7.ai, a company that provides online support services to Sears and Kmart, notified Sears Holdings, as well as a number of other companies, that they experienced a security incident last fall. The company said the incident involved unauthorized access to less than 100,000 customers’ credit card information. As soon as [24]7.ai informed Sears in mid-March 2018, the company said it immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, banking partners, and IT security firms.

As a result of that investigation, Sears indicated that it believed the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised. Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured the company that its systems are now secure.

Sears Holdings stated, “Data security is of critical importance to our company, and we take any matter related to customer’s personal information very seriously. Our top priority at this point is to quickly identify the impacted customers, notify and assist them in every way possible.”

The company also will be establishing a hotline for customers.