Newsroom

October 10, 2014

Dairy Queen, Kmart in latest data breach stories

Recent data breach news reports have Dairy Queen admitting to a breach at as many as 395 stores between August and September and Sears Holding Co. disclosing that malware at Kmart point-of-sale registers stole customer debit and credit card data.

In late August, Dairy Queen announced the breach after it was reported by KrebsonSecurity, which placed the attacks as early as June. Krebs reported the breach after a credit union in the Midwest contacted the blog to report a possible pattern after detecting fraud on more than 50 members' cards used recently at several Dairy Queen locations.

Dairy Queen and Kmart have said there is no indication that Social Security numbers, personal identification numbers or email addresses were taken in these incidents. Krebs also reported on the malware incident at Kmart, which posted a notice Friday about the malware incident.

In related news, federal investigators reportedly believe the hackers who breached JPMorgan Chase over the summer also stole information from Fidelity Investments, according to the Wall Street Journal. The paper's sources do not believe the breach of Fidelity was on the same scale as the JPMorgan breach affecting contact information for as many as 76 million households.

NAFCU's most recent Economic & CU Monitor survey looked at the impact of data breaches on credit unions. In the survey, 84.4 percent of respondents said they were affected by local data breaches and that large retailer breaches have exposed an average of 20.6 percent of members' payment cards.

NAFCU is the first financial trade association to call for a national retailer data security standard after last year's Target breach. It is a member of the Payments Security Task Force, which is focused on EMV chip implementation, and is pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.