Computer Security Kmart Stores Hit by a Second Credit Card Breach in Three...

Kmart Stores Hit by a Second Credit Card Breach in Three Years

kmart credit card hack second timeA second credit and debit card breach at Kmart in just three years has been confirmed. KrebsonSecurity first reported the incident after receiving alerts from smaller banks and credit unions. Sears Holdings, Kmart’s parent company, has released an official FAQ document with details about the breach. So far, the company hasn't disclosed just how many of its 735 Kmart locations have been impacted or for how long the attackers were able to maintain access to the breached systems.

According to the official statement "Kmart was a victim of unauthorized credit card activity following certain customer purchases." After becoming aware of the breach, Sears hired third-party forensic experts to carry out a thorough investigation of the company's systems. In the course of the investigation, it was discovered that an "undetectable by current anti-virus systems and application controls" form of malicious code had infected Kmart's store payment data systems. Sears stated that the malicious code has since been removed.

No Personal Information Was Stolen

Kmart's customers were reassured that no personally identifying information, such as names, social security numbers, addresses, emails, and birth dates had been obtained by the attackers. It should be noted that certain credit card numbers may have been compromised during the breach. The released FAQ document states that there is "no evidence that kmart.com or Sears customers were impacted." The company is working with federal law enforcement agencies, its banking partners, and outside security firms to investigate the attack.

The current information breach resembles the one from October 2014. Back then Kmart point-of-sale registers were hit by malware that stole credit and debit card data. In its official response, the company similarly stated that the malware was undetectable by currently used anti-malware systems and that no personally identifying information had actually been compromised.

In both cases, the goal of the hackers was to steal account data stored on the magnetic strip of the cards, information that can then be effectively used for the creation of counterfeit clones of the credit and debit cards.

Loading...