Previously Reported Data Security Incident - Customer Update and Instructions

Previously Reported Data Security Incident - Customer Update and Instructions

HOFFMAN ESTATES, Ill., April 27, 2018 /PRNewswire/ -- As we previously disclosed and was widely reported, in mid-March, a vendor providing online support services on our websites at Sears.com and Kmart.com informed our company that the vendor had experienced a security incident that may have affected the names, addresses, and payment card information for customers who placed or attempted to place orders on the Sears.com or Kmart.com websites between September 27, 2017 and October 12, 2017, and entered their payment card information manually on the checkout screen. Today, out of an abundance of care for our customers and to comply with various state regulations and requirements, we want to make sure potentially impacted customers in those states and those who may have missed the previously announced incident know the steps they can take to safeguard their information and their rights under their state's laws.

Sears has notified the credit card companies of this incident, and is conducting a thorough investigation. Our investigation has concluded that customers using Sears-branded credit cards and/or stored payment card information on the Sears.com and Kmart.com websites were not impacted. We also have not found any evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that it has removed the malicious script from its code and its systems are now secure.

We encourage all our customers who believe they may be affected by this incident to monitor their card statements and review their free credit reports, and otherwise remain vigilant for suspected incidents of fraud or identity theft. Suspected incidents of identity theft should be reported to local law enforcement, the state attorney general, and/or the Federal Trade Commission. Individuals can also obtain information about the steps they can take to avoid identity theft from the Federal Trade Commission.

Customers who believe their information may have been affected by this incident may be able to place a fraud alert or security freeze on their credit reports, using the contact information below, to help protect against identity theft. Customers can also obtain more information about fraud alerts and security freezes from the Federal Trade Commission or from the consumer reporting agencies identified below.


    Federal Trade Commission   TransUnion         Equifax           Experian

    Consumer Response Center   P.O. Box 2000      P.O. Box 105788   P.O. Box 9532

    600 Pennsylvania, Ave., NW Chester, PA 19022  Atlanta, GA 30348 Allen, TX 9532

    Washington, DC 20580       1-800-680-7289     1-888-766-0008    1-888-397-3742

    1-877-ID-THEFT             www.transunion.com www.equifax.com   www.experian.com

    (1-877-438-4338)

    http://www.ftc.gov/idtheft


    ---

Customers who believe that their information may have been affected by this incident can obtain additional information by contacting Sears toll-free at (888)-488-5978, visiting our website at www.searsholdings.com/update, or contacting us by mail at 3333 Beverly Road, Hoffman Estates, IL 60179.

SPECIFIC INFORMATION FOR CUSTOMERS IN CERTAIN STATES:

RHODE ISLAND: Affected individuals are advised that they have the right to obtain a copy of any police report filed in regard to this incident. Individuals can also request a security freeze if they believe that their information may have been involved in this incident. To place a security freeze on a credit report, individuals can contact the consumer reporting agencies with the following information:

    1. full name, with middle initial and any suffixes;
    2. Social Security number;
    3. date of birth;
    4. current address and any previous addresses for the past two years; and
    5. any applicable incident report or complaint with a law enforcement agency
       or the Registry of Motor Vehicles.

The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. Each copy should be legible, display the individual's name and current mailing address, and the date of issue. Each consumer reporting agency may charge a fee of up to $10.00 for Rhode Island residents to place, temporarily lift, or remove a freeze, unless the individual is a victim of identity theft or the spouse of a victim of identity theft and has submitted a valid police report relating to the identity theft incident to the consumer reporting agency.

MARYLAND: For more information on identity theft, Maryland residents can contact the Maryland Attorney General's Office:

Address: 200 St. Paul Place, Baltimore, MD 21202
Telephone: 410-576-6491
Website: www.oag.state.md.us/idtheft/index.htm.

NORTH CAROLINA: For more information on identity theft, North Carolina residents can contact the North Carolina Attorney General's Office:

Address: 9001 Mail Service Center, Raleigh, NC 27699-9001
Telephone: 919-716-6400
Fax: 919-716-6750
Website: http://www.ncdoj.gov

WYOMING: Sears was not asked by law enforcement authorities to delay notifying our customers about this incident due to a law enforcement investigation. Sears has notified law enforcement about this incident.

About Sears, Roebuck and Co.
Sears, Roebuck and Co., a wholly owned subsidiary of Sears Holdings Corporation (NASDAQ: SHLD), is a leading integrated retailer providing merchandise and related services and is part of Shop Your Way, a social shopping experience where members have the ability to earn points and receive benefits across a wide variety of physical and digital formats through shopyourway.com. Sears, Roebuck offers its wide range of home merchandise, apparel and automotive products and services through Sears-branded and affiliated full-line and specialty retail stores. Sears, Roebuck also offers a variety of merchandise and services through sears.com and specialty catalogs. Sears, Roebuck offers consumers leading brands including Kenmore, Craftsman, and DieHard - among the most trusted and preferred brands in the U.S. The company is the nation's largest provider of home services, with more than 6,000 expert technicians who make nearly 11 million service calls annually. For more information, visit the Sears, Roebuck website at www.sears.com or the Sears Holdings Corporation website at www.searsholdings.com.

About Kmart
Kmart, a wholly owned subsidiary of Sears Holdings Corporation (NASDAQ: SHLD), is a mass merchandising company and part of Shop Your Way, a social shopping experience where members have the ability to earn points and receive benefits across a wide variety of physical and digital formats through shopyourway.com. Kmart offers customers quality products through a portfolio of exclusive brands that include Jaclyn Smith, Joe Boxer, Route 66 and Smart Sense. For more information visit the company's website at www.kmart.com | Sears Holdings Corporation website at www.searsholdings.com | Facebook: www.facebook.com/kmart.

CONTACT:
(847) 286-8371

View original content:http://www.prnewswire.com/news-releases/previously-reported-data-security-incident--customer-update-and-instructions-300637829.html

SOURCE Sears Holdings Corporation