Sears Holdings Corp., the retailer run by hedge fund manager Edward Lampert, said it's investigating a possible security breach after a series of cyberattacks on retailers.
Sears is working with a private digital forensics company and with the U.S. Secret Service to determine the extent of any incursion, according to two people familiar with the matter.
"There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach," said Howard Riefs, a Sears spokesman. "We have found no information based on our review of our systems to date indicating a breach."
Retailers are on high alert for possible data breaches after a flurry of attacks that tarnished the image of retailers including Neiman Marcus Group and hurt sales at Target Corp. Pinpointing the scope of an attack can take a company weeks because of the stealth techniques used by hackers.
A report on the Neiman Marcus intrusion shows that the firm had been warned of possible fraudulent payments stemming from credit cards in mid-December, but it took a private forensics team until January to find the malware and confirm data was taken.
Sears shares declined more than 2 percent after Bloomberg News reported on the investigation. The stock closed at $44.75, up 4 percent, in New York.
The Secret Service is leading investigations of the attacks on Target and Neiman Marcus that have exposed the credit-card data of millions of U.S. consumers.
Sears, based in Hoffman Estates, Illinois, is attempting to mount a comeback under Chief Executive Officer Edward Lampert, the hedge-fund manager who took the reins of the company a year ago. He's investing in e-commerce and rewards programs in a bid to reverse a 28-quarter sales decline. He also has sold assets and sought to shrink the company's store base, saying retailers today need less square footage.
Lampert, who controls about 48 percent of Sears's shares, was named CEO in January 2013, eight years after he engineered Kmart Corp.'s $12 billion buyout of Sears in 2005. Kmart renamed itself Sears Holdings after the merger. Though Lampert has struggled to make Sears profitable, he said in a letter to investors yesterday that his turnaround plan may begin to pay off this year. The company's net loss last quarter shrank to $358 million, or $3.37 a share, from $489 million, or $4.61, a year earlier. Revenue fell 14 percent to $10.6 billion.
Target, the second-largest U.S. discount chain, has said the theft of customer data may have affected anyone who provided basic information to the retailer over the past several years. In December, the Minneapolis-based retailer said credit- and debit-card data for as many as 40 million people who shopped in its stores between Nov. 27 and Dec. 15 may have been compromised. Earlier this month, the company said the thieves also got access to the names, phone numbers and home and e-mail addresses of as many 70 million people.
At Target, hackers gained access to payment-card information for tens of millions of customers at the height of the holiday shopping season last year, forcing the company to do months of damage control.
"At this time we are not able to reasonably estimate a range of possible losses on the payment card networks' potential claims," the company said this week.