Kmart Latest Chain Hit by Data Breach

October 13, 2014, Written By John H. Oldshue
Kmart Retail Store Exterior

Credit card hackers have hit another major retailer in the United States. This time, it’s Kmart.

In a filing last Thursday with the Securities and Exchange Commission, the company says a month-long data breach took place in early September. Debit and credit card numbers appear to have been compromised.

Kmart is one of a number of retail stores where card numbers have been compromised, including Target, Neiman Marcus, Home Depot and Michael’s. As with those stores, Kmart’s breach was likely the result of a nearly undetectable Backoff malware program that can be installed into the database of the store’s credit card system. Kmart has removed the malware since it was discovered on October 9.

Kmart, which is owned by Sears Holding Corporation, has not disclosed the scale of the breach at this time. They do not believe hackers were able to obtain social security numbers, email addresses, PIN numbers or personal information from the system.

Online customers who have used Kmart.com were not affected by the breach.

“Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, our banking partners and IT security firms in this ongoing investigation,” the company said in a statement. “We are deploying further advanced software to protect our customers’ information.”

Kmart is offering free credit monitoring for anyone who has shopped in their stores at any time between September 1 and October 9.



The information contained within this article was accurate as of October 13, 2014. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.