Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Kmart Customers’ Card Details Hacked and Stolen

US discount store Kmart has become the latest big name retailer to be struck by a major data breach after admitting its systems were hit by malware early last month, exposing card details.

President of the nationwide chain, Alasdair James, explained in a statement on the firm’s website that there’s no evidence that personal information, PINs, email addresses or social security numbers were stolen.

He added:

“On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached and immediately launched a full investigation working with a leading IT security firm. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised.”

James claimed that the breach has now been contained and malware removed, and that the firm is offering free credit monitoring protection to all customers who have used a card at the store during September through to October 9.

Kmart said it’s also working closely with federal law enforcers, banking partners and security experts to investigate further.

The incident is the latest in what is fast becoming “the year of the data breach.”

There’s no other information on exactly how the hackers managed to infiltrate Kmart’s IT systems, but it would appear that the company hasn’t heeded the lessons of numerous other big name US firms which have all been hit this year.

Just last week, Dairy Queen admitted that the details of around 600,000 cards had been swiped by hackers using the Backoff malware.

It also emerged that the hackers who breached JPMorgan recently, affecting 76 million households, may also have successfully gone after 13 other financial institutions, including Citigroup, HSBC and payroll firm ADP.

What’s Hot on Infosecurity Magazine?