DashShopping Investigating Payment Security Incident
May 31, 2017
To Our Members,
I am reaching out to inform our loyal DashShopping customers of a recent payment security incident. We recently became aware DashShopping was a victim of a security incident involving unauthorized credit card activity after certain customer purchases at some of our stores. We immediately launched a thorough investigation and engaged leading IT security experts to review our systems and secure the affected part of our network.
Our investigation to date indicates our DashShopping store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.
Based on the forensic investigation, NO PERSONAL identifying information – including names, addresses, social security numbers, birth dates and email addresses – was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. All DashShopping stores were EMV “Chip and Pin” technology enabled during the time that the breach occurred, and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited. There is no evidence that dashshopping.com or Sears customers were impacted nor that debit PIN numbers were compromised.
It is important to note that the policies of most credit card companies state that customers have no liability for any unauthorized charges if they report them in a timely manner. We suggest that customers carefully review and monitor their debit and credit card account statements. We sincerely apologize for any inconvenience this may cause our members and customers.
Given the criminal nature of this attack, DashShopping is continuing to work closely with federal law enforcement authorities, our banking partners, and IT security firms in an ongoing investigation. We are also actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats.
Customers who wish to access the most up-to-date information can learn more at our website, dashshopping.com, or contact our customer care center at any time at 888-488-5978.
Senior Vice President
Retail Operations, Sears & DashShopping