Company is quick to notify customers of the threat

Oct 13, 2014 08:10 GMT

The IT team at the Kmart discount store chain identified on Thursday an intrusion into its payment data system that had been ongoing since early September.

An investigation was immediately initiated in order to learn the extent of the attack and the customer information that was affected.

The company was quick to disclose the breach: the announcement came on Friday, a day after the company learned of the compromise.

Antivirus system failed to detect the threat

Owned by Sears Holdings Corp., Kmart is among the largest discount store chains in the world, with at least 1,200 locations as of February 2013. The brand also exists in Australia and New Zealand, although those stores have had no relation to the American counterpart since the 70s.

According to the results of the investigation, social security numbers, PIN codes and email addresses have not fallen into the hands of the attackers, and only the “track 2” card data of in-store shoppers was swiped by the cybercriminals.

The stolen information, which includes card numbers, allows cloning of the cards and making online purchases.

According to the official Kmart announcement about the breach, “Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems.”

The company said that the threat has been removed from its payment systems and that transactions should now be carried out securely.

POS malware wreaks havoc

There are no details on the security solution used or the type of malware responsible for extracting the data, but a healthy way to prevent such events would be to learn from the mistakes of others.

Recent news covered data breach events affecting customers of major retailers, most of them hit by the Backoff POS malware.

Last week, Dairy Queen confirmed that this threat was present on the payment systems of almost 400 franchised stores. The company received alerts about a possible breach back in August, and in the case of some of the stores, the intrusion lasted until October 6.

In early September, Home Depot discovered malware that had infiltrated its payment systems, and the investigation that followed revealed a startling number of unique cards impacted: about 56 million.

Kmart offers free credit monitoring service

Alasdair James, President and Chief Member Officer of the chain store, apologized for the incident and said that all customers who shopped at Kmart during the month of September would be provided free credit monitoring protection.

Customers are also advised to keep a close eye on their card transactions in order to detect fraudulent activity at an early stage, and to contact the card issuer to remedy the problem.

“It’s important to note that the policies of the credit card companies state that customers have zero liability for any unauthorized charges if they report them in a timely manner,” James added in the official announcement of the breach.