Sign up to our newsletter
Kmart is the latest high profile name to announce the discovery of malicious credit and debit card stealing malware in its point of sale registers at its retail stores, writes Brian Krebs on his Krebs on Security website. The malware has been removed and the breach has been contained, the company has announced, but further investigations are still taking place.
A statement on the Kmart website says that “based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted.”
The BBC reports that 1,200 stores were infected with the malware over the course of a month, and despite there being no evidence that any of the card numbers stolen were being used to create counterfeit cards, Kmart has offered free card monitoring protection for customers to ensure any fraudulent activity on their account would not affect their credit rating. Bloomberg states that this credit-monitoring offer “extends to everyone who used a credit or debit card at Kmart stores in September through October 9”.
Once a ‘footnote in computing history’, Point of Sale malware has rarely been out of the news recently, with the likes of Target, Home Depot and most recently Dairy Queen being hit by malicious code designed to steal customer card details. It has now been estimated that more than 1,000 US businesses have been hit by Point of Sale malware.
If you’re concerned about recent breaches, either for your business or as a consumer, ESET researcher Lysa Myers has written thorough guides about how to keep yourself and your business safe from such attacks and data leaks in future.
Ken Wolter / Shutterstock.com
Author Alan Martin, ESET