Kmart Credit Card Data Breach: Malware Hits Stores For Second Time In 3 Years
Cyber attacks are becoming commonplace in 2017, and the most recent may be a credit card breach that hit the popular retail chain Kmart. It was first reported on May 16, but only confirmed by parent company Sears Holdings on Wednesday.
"Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores," Howard Riefs, a spokesman for Sears Holdings, said in a statement to Patch.
The company further explained the risk to its customers. "Based on the forensic investigation, NO PERSONAL identifying information (including names, addresses, social security numbers, and email addresses) was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. Nevertheless, in light of our EMV compliant point of sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited," it said.
The breach was first reported by security website Krebs on Security on May 16. Many small banks and credit unions received complaints about batches of stolen cards, all of which had been used at Kmart locations.
The company didn’t reveal which of its 735 locations were hit, but did say how the breach occurred. The company’s systems were hit with malware designed to steal credit card data from point-of-sale devices installed at kiosks. The malware copies credit card information from the card’s magnetic stripe when the card is swiped at a payment kiosk. Using this information, the cards can be cloned, and purchases made using these clones would be debited from the credit card user’s account.
This is not the first time Kmart has suffered such a breach. The retail chain had a similar breach in 2014 and had also claimed at the time that the stolen data did not include customer names, email addresses and personal information.
"We are actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats," it said.
It was, however, confirmed that the breach did not target all Kmart locations; had it done so, credit card companies would have themselves issued warnings to customers against using their cards at retail stores.
Sears Holdings has set up a helpline for customers who might be affected by the breach. If you think you are one of them, you can call 888-488-5978 to get your queries answered.