Customer payment details compromised in Best Buy and Kmart breaches

The compromise of customer payment data at Sears Holdings Corporation and Delta Air Lines through their chat services provider, [24], has also hit Best Buy and Kmart.

Key points

  • [24] discovered the cyber intrusion on April 4, which exposed several of its clients’ customer payment data
  • The data breach likely occurred between September 26 and October 12, 2017
  • Best Buy says that “only a small fraction” of its customers were affected
  • Best Buy will contact affected customers and has set up an email for them to get in touch
  • Kmart, which is under Sears Holdings, is working with federal law enforcement authorities, banking partners, and IT security companies in the investigation

Protect your organization and your customers’ personal data

This breach, the latest in a long list of high-profile data breaches in recent months, is yet another reminder that customer data must be properly secured and stored. Organizations need to conduct regular information security audits to help prevent data breaches. Information security audits are an important part of a comprehensive information security management system (ISMS).

ISO 27001 is the international standard for a best-practice ISMS. Achieving ISO 27001 certification demonstrates that an organization has taken reasonable steps to protect its sensitive and confidential data.

Learn how to implement ISO 27001 and audit against its requirements

IT Governance’s ISO27001 Lead Implementer and Lead Auditor Combination Online course will guide you through the process of implementing an ISO 27001-compliant ISMS. You will gain an understanding of the activities needed to plan, implement, and maintain a best-practice ISMS.

Leaders in ISO 27001