Kmart on Friday confirmed that its systems were breached by hackers who were able to steal credit and debit card data for customers shopping in its retail stores since early September to October 9, when the breach was discovered. It’s not clear at this time how many customers may have been affected or how many Kmart stores have been hit, as the company is yet to announce any numbers.
However, Kmart did say that “based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible.” The company said there’s no evidence that any Kmart shopper was impacted, and added that it’ll be offering free credit monitoring protection to customers that have shopped in Kmart stores during the period.
Kmart says its systems were attacked by a new form of malware, which has been removed by its security team.
Sears spokesman Chris Brathwaite also confirmed the hack, Krebs on Security reports, saying that Kmart systems “were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised.” Sears said that its Sears tores have not been hit by a similar attack.
It’s not clear whether the hack is related in any way to similar breaches that occurred at Home Depot or Target, to name just a couple of prominent credit card heists that took place in the last 12 months.