Kmart Experiences Data Breach, Currently Investigating Incident
Store payment systems were infected with malicious code undetectable by current anti-virus systems
Kmart and Sears Senior Vice President Gareth Glynne is notifying customers that Kmart has experienced a data breach.
"We recently became aware Kmart was a victim of a security incident involving unauthorized credit card activity after certain customer purchases at some of our stores," he wrote in a statement on the retailer's website.
As soon as the company learned about the breach, it launched an investigation and brought in IT security experts to review Kmart's systems and secure the part of its network that was affected.
"Our investigation to date indicates our Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems," wrote Glynne. "Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores."
The retailer's forensic investigation determined that the hackers did not obtain any personal identifying information, including names, addresses, Social Security numbers, birth dates, or email addresses. However, Kmart does believe that particular credit card numbers were compromised.
All affected locations were using EMV "Chip and Pin" technology when the breach happened. For this reason, says the company, the hackers' exposure to cardholder information that could be used to make counterfeit cards was limited.
The investigation found no evidence that debit PINs were compromised, nor that customers who shopped at Kmart's website or at Sears were affected by the breach.
Glynne reminded customers that most credit card issuers' policies do not hold cardholders liable for unauthorized charges if they are reported in a timely manner. He urged shoppers to thoroughly review their credit and debit card statements.
In the wake of the breach, Kmart is working to enhance its defenses against the new type of malware.