Brian Krebs writes:
In response to rumors in the financial industry that Sears may be the latest retailer hit by hackers, the company said today it has no indications that it has been breached. Although the Sears investigation is ongoing, experts say there is a good chance the identification of Sears as a victim is a false alarm caused by a common weaknesses in banks’ anti-fraud systems that becomes apparent mainly in the wake of massive breaches like the one at Target late last year.
Read more on KrebsOnSecurity.com.
Sears may not be the only company to possibly be falsely flagged as a common point of compromise.
After initially alerting customers about a “potential” breach based on reports from banks about a handful of fraudulent charges, Michaels Stores has yet to either confirm or deny that their system was breached, and I had already been wondering whether they really had a breach or if reports were a false positive. I guess we’ll have to wait to see, but given that at least some customers may be spooked from using payment cards when they hear reports or claims of “potential breaches,” financial industry insiders leaking such reports to the media – whether it’s Brian Krebs, a mainstream news reporter, or anyone else – may be unfairly harming businesses despite any noble intentions of sparing customers and banks from becoming victims of card fraud.