Kmart Announces Month-Long Data Breach

On Friday, Oct. 10, Kmart, a member of the Sears brand, announced the company had discovered its own payment security incident. According to a press release by the company, the Kmart IT team “detected that the Kmart store payment data system had been breached and immediately launched a full investigation with a leading IT security firm.”

The company says it believes stores were purposely infected with a new form of malware, which resulted in debit and credit card numbers being compromised. Through the forensic investigation, the company says, “no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained,” by those responsible.

Additionally, the company wants to inform their customers of the data attacks. According to the press release, Kmart will protect customers who shopped with a credit or debit card in Kmart stores during the month of September through Oct. 9, and will be offering free credit monitoring protection.

Kmart is the latest company to join the group of retailers who have been attacked through data breaches, with Dairy Queen announcing its own breach on Oct. 9, affecting 395 store locations. Prior to that, Home Depot announced 56 million cards had been compromised over a five-month span.

With several companies affected by data breaches, many wonder why it continues to happen. According to an article by the Washington Post, researchers believe even with “hardened defenses, cybercriminals are almost always one step ahead.”

The article continues to suggest that, while the cyber criminals have been attacking large brands, it raises concerns smaller retailers might be next.

With these announcements, it’s more important than ever to take steps to prevent against a data breach in your own business. Keep cardholder data stored securely, audit accounts and document all system activities.

To read the Kmart press release, click here.

To read the Washington Post article, click here.