The retail group, which initially announced in early April that some personal and payment information for shoppers may have been exposed, has issued a statement with more detail on who was impacted and how.
As the company previously stated, consumers who shopped on either its Sears or Kmart websites between September 27 and October 12 could be victims of the breach, which was caused by malware on the system for third-party service provider 7.ai. The incident put names, address and credit card information at risk.
A recent investigation into the matter has found that the issue is likely to affect only those consumers who manually entered their payment information at checkout during that time. The company found that those who shopped with Sears-branded credit cards or who used payment information that was stored on the sites were likely spared. Similarly, Sears said those who shopped in store don’t seem to have been affected.
Sears noted that it has been in contact with the credit card companies and is continuing to pursue the matter. Further, the retailer said 7.ai has made assurances that it is now secure.
Sears calls on any customers who may have been affected to be “vigilant” in monitoring their credit card and credit information, and it listed resources for placing fraud alerts and security freezes.
Online security has been hot topic in the press lately as a slew of retailers have fallen victim to fraudulent activity. Just last week, Hudson’s Bay Company issued its own update on a malicious software incident that persisted for months before it was identified. In that case, in-store shoppers were compromised via the company’s point of sale software.