Late Friday Sears Holding Corp. said its Kmart stores found a breach of its in-store payment data systems, exposing debit and credit card numbers.
Kmart’s IT team detected the breach on Oct.9 and hired a security firm to conduct a full investigation.
“According to the security experts we have been working with, our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems,” Sears said in a statement.
Kmart has removed the malware, Sears added.
Hoffman Estates, Illinois-based Sears did not give any indication of how many payment cards were compromised by the breach—which started in early September—but it did indicate that its investigation has determined “no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible.”
The retailer also did not say how many stores were affected, or give locations.
“Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, our banking partners as well as security experts in this ongoing investigation,” said Alasdair James, president and chief member officer in a statement.
Kmart is offering free credit monitoring to customers who has shopped at stores from early September until Oct. 9.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
