2 min read

Kmart hacked - payment systems compromised by malware

Graham CLULEY

October 13, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Kmart hacked - payment systems compromised by malware

It’s not proving to be a good year for US retailers, and it’s just got worse.

Kmart announced on Friday that it had detected a serious security breach involving its store payment data system, and that since at least early September debit and credit card numbers used at the retailer’s bricks-and-mortar stores had been stolen.

Kmart’s president Alasdair James summarised the situation in the advisory posted in a corporate section of Kmart’s website:

On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached and immediately launched a full investigation working with a leading IT security firm. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised.

Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.

Kmart says it hasn’t seen any evidence that anything other than the numbers of customers’ debit and credit cards have been grabbed by the hackers, but there will obviously be concerns that the situation might turn out to be worse than initially feared.

In what appears to becoming a common thread between recent retail hacks, the card numbers compromised appear to have been stolen from actual retail stores, and not from those who purchased goods via the company’s website.

Unfortunately, there isn’t much more information at present.

We don’t know how many credit and debit card numbers have been exposed (are we talking millions?), and nor has any information been shared regarding what malware might have been used (other than the phrase “a new form of malware”).

What we do know is that Kmart has informed the Secret Service, who are investigating.

Naturally, it would be wise for all those who have shopped at Kmart between early September and October 9th to keep a close eye on their credit and debit card account statements to see if there is any suspicious activity.

Concerned customers are also invited to contact Kmart’s customer care centre at 888-488-5978.

To the firm’s credit, the advisory was linked to from the homepage of kmart.com, so – unlike some of similar victims in the recent past – Kmart cannot be accused of not being upfront with its customers about what has happened.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read