Ride the Lightning

Another Day, Another Data Breach – JP Morgan, Dairy Queen and Kmart

October 14, 2014

Good grief. Home Depot, JP Morgan and now Dairy Queen and KMart – and in short order.

As Forbes reported last Friday, Kmart has revealed that an undisclosed number of credit card numbers were stolen in a month-long data breach which began in early September, according to an SEC filing on Friday.

The filing states that Kmart's IT team discovered the breach on October 9th and that it had probably gone on since early September. As we have heard from other retailers, the belief is that Kmart's payment data systems were hit by malware that was “undetectable by current anti-virus systems.” Kmart says it has now removed the malware from its system.

Kmart has not announced the scope of the breach, but does not believe that any social security numbers, personal information, email addresses or debit card PIN numbers were stolen. Additionally, kmart.com customers were not impacted, according to Kmart’s release.

Obviously, it is still investigating the breach. And (have you heard this one before?) Kmart says it is working to improve its security systems.

Add this to Thursday's revelation that 395 Dairy Queen locations were compromised by Backoff malware. Last month gave us the compromise of 56 million credit cards used at Home Depot.

It is great to hear that all these companies are working on improving their security. My guess is that they didn't seriously roll up their sleeves and get to work until the foxes had cleaned out the chicken coop.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq