Skip to main content

Sears and Kmart Busted for Using Spyware

It's no big secret that Walmart is hurting many older retail chains such as Kmart and Sears. Both latter companies are struggling to stay afloat, trimming the fat by closing locations and restructuring current stores to look refreshed and up to speed with America's #1 retail giant. But now Sears and Kmart has come under fire for acquiring marketing data using spyware, and seems rather surprising given their need for consumer patronage.

Last week the Federal Trade Commission approved its final consent order against Sears Holding Management Company, the parent company of both Sears and Kmart. According to Ars Technica, the company must destroy all data gained from its "My SHC Community" program, and halt all incoming transmissions from the hidden spyware provided by the company currently  installed "in the wild." The program threw up a red flag as far back as early 2008, with security researchers declaring that Sears was after more than what was originally disclosed in the user agreement.

The voluntary "My SHC Community" survey collected the participant's online web browsing in exchange for $10. However, the program that participants installed collected more than just casual browsing, but rather transmitted the complete contents of a browsing session, including secure sessions. That meant Sears and Kmart collected personal data including bank accounts, credit cards, addresses, home telephone numbers and more. The installed software also collected non-Internet information about the participant's computer.

After an investigation, the FTC said that Sears disclosed its tracking intent, but did so in a confusing manner that appeared after a lengthy, multi-step registration process. "The agency charged that Sears did not "adequately disclose the scope of the tracking software's data collection," the FTC said. Sears has agreed to provide clearer disclosures, separate from any user license agreement, in future marketing programs.