Second breach in less than three years shakes customer confidence.
Kmart has been hit with a credit card breach for the second time in less than three years, as unauthorized credit card use was reported across the chain, KrebsonSecurity explained. Meanwhile, while Sears Holdings, which owns Kmart, admitted that “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” they insisted that there is no evidence that online activity was compromised as part of the attack. They also did not release details about how many locations were affected, according to Money. The Sears Holding statement asserted that their IT team “quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.”
While no personal identifying information appears to have been compromised in the attack, Sears Holding does say that certain credit card numbers have been compromised. The attack also appears to be limited to customer cards that were used in physical Kmart stores, and the impact does not seem to extend to kmart.com or Sears customers.
A Sears Holdings spokesman said the investigation into the hack is still ongoing, so details on the dates of the breach, how many customers were affected and which stores were targeted, were not available. Not all of Kmart’s 624 stores were affected, he said.
According to Sears Holdings, the recent rollout of more secure cash register systems should ensure that the exposure of cardholder data that can be used to create counterfeit cards was limited.
"Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats," said the company in the blog post.