Kmart Latest Retail Chain to Disclose Payment Card Breach

2014-10-14T14:04:37
ID THREATPOST:9C961AA5BDC6AC9514951E0D2FDD2EAA
Type threatpost
Reporter Chris Brook
Modified 2014-10-14T18:04:37

Description

Kmart is the latest domino to fall in the seemingly endless streak of major retail chain breaches. The discount department store acknowledged on Friday that it fell victim to a “payment security incident” for most of September and some of October.

The store, which is operated by Sears Holdings Corp., claims its IT team discovered the breach last Thursday and subsequently contacted a “leading IT security firm” to investigate the incident further.

Alasdair James, Kmart’s President, disclosed the breach before the long holiday weekend, late Friday, in a letter published to its website.

In the letter James claims that the company’s payment data systems were infected with an unspecified “new form of malware” that went on to compromise users’ credit and debit card numbers.

The company is insisting that customers’ personal information, debit card PIN numbers, email addresses, and Social Security numbers were not leaked in the breach. Customers who shopped on kmart.com are not expected to be at risk, either.

The store didn’t state exactly how many locations were implicated in the breach but many reports – including one by the BBC – believe that any customer who shopped at any of the chain’s nearly 1200 stores over the past five weeks or so is at risk.

Kmart has since removed the malware and contained the breach, it reports.

As is to be expected, the company is set to offer free credit monitoring protection, something that corporations that have been breached – and there have been a handful as of late, Home Depot, Target, Supervalu, etc. – usually do.

Just last week the restaurant chain Dairy Queen confirmed that nearly 400 of its stores were breached this summer via the Backoff malware and that customers’ payment card numbers, expiration dates and customer names had been compromised.

The Kmart breach couldn’t come at a worse time for the Illinois-based company, which has fought to stay relevant in recent years. The company filed for bankruptcy in the early 2000s and despite being rescued by Sears in 2005, it has continued to see a steep decline in sales nationwide. According to Credit Suisse, a global financial services company, Kmart is expected to pull in $12 billion this year, a far cry from the $36 billion it made in 2000.