Sears Holdings reports Kmart data breach

Posted at 11:55 AM, Jun 01, 2017
and last updated 2017-06-01 11:55:56-04

Sears Holdings says some customers who shopped at Kmart stores may be the victims of a data breach.

The company isn't saying how many credit cards were affected, but it believes some credit card numbers have been compromised.

It says no personal information, such as contact details or Social Security numbers were stolen.

The company says there's no evidence customers who bought items at or Sears customers were affected. 

Sears Holdings released the following statement:

We recently became aware that Sears Holdings was a victim of a security incident involving unauthorized credit card activity following certain customer purchases at some of our Kmart stores. We immediately launched a thorough investigation and engaged leading third party forensic experts to review our systems and secure the affected part of our network.

Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.

Based on the forensic investigation, NO PERSONAL identifying information (including names, addresses, social security numbers, and email addresses) was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. Nevertheless, in light of our EMV compliant point of sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited. There is also no evidence that or Sears customers were impacted.

Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, our banking partners, and IT security firms in this ongoing investigation. We are actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats.

For more information, click here.