Kmart hit by malware credit card breach

Kmart is the latest high profile name to announce the discovery of malicious credit and debit card stealing malware in its point of sale registers at its retail stores, writes Brian Krebs on his Krebs on Security website. The malware has been removed and the breach has been contained, the company has announced, but further investigations are still taking place.

A statement on the Kmart website says that “based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted.”

The BBC reports that 1,200 stores were infected with the malware over the course of a month, and despite there being no evidence that any of the card numbers stolen were being used to create counterfeit cards, Kmart has offered free card monitoring protection for customers to ensure any fraudulent activity on their account would not affect their credit rating. Bloomberg states that this credit-monitoring offer “extends to everyone who used a credit or debit card at Kmart stores in September through October 9”.

Once a ‘footnote in computing history’, Point of Sale malware has rarely been out of the news recently, with the likes of Target, Home Depot and most recently Dairy Queen being hit by malicious code designed to steal customer card details. It has now been estimated that more than 1,000 US businesses have been hit by Point of Sale malware.

If you’re concerned about recent breaches, either for your business or as a consumer, ESET researcher Lysa Myers has written thorough guides about how to keep yourself and your business safe from such attacks and data leaks in future.

Ken Wolter / Shutterstock.com

Author , ESET

  • Vicki T

    You are amazing how well you keep up with these breaches in security. Thank you so much for this update on Kmart. I hope other people appreciate you as much as I do. Vicki T

Follow us

Copyright © 2016 ESET, All Rights Reserved.