Data Breach At Chatbot Service Potentially Affects 100,000 Sears Consumers



UPDATE: Best Buy confirmed in a statement that a number of customers may have had their payment information compromised during the [24] payment breach.

Best Buy has not revealed the number of potential customers affected by the breach, indicating “a small fraction of our overall online customer population could have been caught up in this [24] incident, whether or not they used the chat function.”

Sears confirmed that one of its customer support services experienced a security incident in fall 2017 that may have exposed credit card information of nearly 100,000 Sears customers. The incident also affected Delta Airlines consumers.

[24], an AI-powered chatbot platform that provides online support services to Sears and Kmart, notified Sears of the breach in mid-March 2017, the retailer revealed in a blog post. Sears immediately notified the credit card companies to prevent potential fraud, and launched an investigation with federal law enforcement authorities, banking partners and IT security firms.


Saks Fifth Avenue, Lord & Taylor Confirm Data Breach Affecting Up To 5 Million Shoppers

On April 1, HBC confirmed a report that hackers had breached payment systems in its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. As many as five million shoppers may have been affected by the breach, according to the Wall Street Journal report. HBC has not revealed how many accounts have been exposed, but noted in a statement that it “has identified the issue and has taken steps to contain it.”

While HBC didn’t reveal the specific data that may have been compromised, the retailer said there is no indication that Social Security or Social Insurance numbers, driver’s license numbers or PINs have been affected by the breach.


MICROS Data Breach Could Involve Russian Cybercriminals

Computer systems at MICROS, a division of Oracle, have suffered a data breach that also has compromised a customer support portal for its MICROS point-of-sale credit card payment systems, according to a report in KrebsOnSecurity.

Oracle, which purchased MICROS in 2014, has confirmed that it is investigating a breach at the POS division. In an email to ZDNet, the company said it had “detected and addressed malicious code in certain legacy MICROS systems,” but that Oracle’s own systems, corporate network, cloud and other services were not affected. The company also noted that payment card data is encrypted both at rest and in transit in MICROS-hosted environments.


Despite Rise In Data Breaches, Retailers’ Confidence In Handling Them Increases

Retailers are gaining confidence when it comes to handling cybersecurity issues even as data breaches continue to increase. As many as 75% of IT professionals within retail believe their organization would detect a data breach on their critical systems within 48 hours, according to the Tripwire 2016 Retail Security Survey.

The figure represents a huge jump in confidence compared to two years ago, when 42% of respondents expressed confidence about detecting a breach that quickly. In fact, 2014 totals indicated that 20% of retail IT reps had no confidence at all in detecting these kinds of breaches, a number that has since shrunk to just 5%.


Breach Exposes Details Of 3.3 Million Hello Kitty Users, But No Data Is Stolen

More than three million accounts associated with the Hello Kitty brand on, and were left vulnerable to data theft, according to a report from CSO Online. Sanrio, the retailer and designer that owns the Hello Kitty brand, said it has since secured the servers.

Online security researcher Chris Vickery uncovered the database vulnerability on Dec. 19, contacting CSO Salted Hash and The leaked information included users’ first and last names, birthdays, genders, countries of origin, email addresses, password hashes, password hint questions and answers and other data, according to Vickery.

In a statement, Sanrio Digital said, “At this time we have no indication that any personal information was stolen.” Credit card and additional payments information was not included in the leaked data, and user passwords were encrypted.

In addition to the primary SanrioTown database, two additional backup servers containing mirrored data also were discovered. The earliest logged exposure of this data is November 22, 2015.

Vickery, who explores security vulnerabilities in his spare time and reports them to the affected companies, said the hole in the Hello Kitty site was the result of a database misconfiguration, leaving it open to public access without a password or authentication, according to Reuters.

This is the second time Sanrio has had to deal with a database leaking information. Earlier in 2015, the company investigated a database leak that exposed information on more than 6,000 shareholders.

The incident comes on the heels of the data breach of another Hong Kong-based children’s product brand, VTech. That hack exposed personal data, chat logs and photos of as many as 6.3 million people, including 200,000 children. This month, UK police arrested a 21-year-old man in connection with the VTech breach.


Another $39.4 Million Added To Target Data Breach Bill

To resolve claims by banks and credit unions that claimed losses from its 2013 data breach, Target has agreed to pay $39.4 million. The settlement, filed on Dec. 2, resolves class action claims by lenders seeking to hold Target responsible for the institutions’ costs to reimburse fraudulent charges and issue new payment cards, according to a Reuters report.

Target will pay as much as $20.25 million to banks and credit unions and $19.11 million to reimburse MasterCard Inc. card issuers. The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minn., according to a report. A hearing on final approval is scheduled for May 10, 2016.


Children’s Photos, Chat Logs Snagged From VTech Site

The personal data of up to five million parents and more than 200,000 children was lifted from the servers of digital learning toy manufacturer VTech.

Information was swiped from the Learning Lodge app store database. Learning Lodge is a site that allows consumers to download apps, learning games, E-books and other content to their VTech toys.


America’s Thrift Stores Reports Data Security Breach

America’s Thrift Stores, an organization that operates donations-based thrift stores in the Southeastern U.S., revealed in an official statement that it has been the victim of a malware-driven data security breach. The breach targeted software used by a third-party service provider.

The statement, from Kenneth Sobaski, CEO of America’s Thrift Stores, indicated the breach enabled criminals from Eastern Europe to access some payment card numbers.


Dairy Queen Ramps Up Payment Security With Netsurion

Cyber criminals are becoming increasingly sophisticated and are implementing new tactics to capture customer data. As a result, retailers need to constantly fortify their payment systems in order to ensure data security and PCI compliance.

Due to recent industrywide data breaches, American Dairy Queen Corporation (ADQ) has implemented Netsurion, a provider of cloud-managed IT security services, as its preferred managed firewall solution. The remotely hosted platform is designed to improve security across its chain of nearly 6,500 Dairy Queen stores and corporate locations.
