Discount chain Kmart said on Friday that its store payment data system had been breached, and that consumers’ debit and credit card numbers were compromised.
The retailer detected the system breach on Thursday, and during an investigation, security experts reported that starting in early September, Kmart’s in-store payment data systems were intentionally infected with malware similar to a computer virus.
According to a company statement, “Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed.” The company did not reveal how many consumers may have been affected.
Kmart said it is committed to doing the utmost to safeguard consumer information in light of the recent spate of data compromises. Customers who shopped in Kmart stores with a credit or debit card during September through Oct. 9, will be offered free credit monitoring protection.
Target, one of Kmart’s competitors, suffered a similar data breach last holiday season when hackers gained access to credit and debit card data for 40 million customers, and personal identification information from as many as 70 million others. And just last month, Home Depot announced that roughly 56 million customer credit cards may have been compromised in a 5-month long attack—a credit/debit card breach bigger than Target’s.
Given the criminal nature of the attack, Kmart said it will work closely with federal law enforcement authorities, its banking partners and security experts in the ongoing investigation.