Add Kmart to the List of POS Data Breach Victims
National retailer Kmart, a subsidiary of Sears Holdings Corp., publicly confirmed on Oct. 10 that it had been breached by a form of point-of-sale (POS) malware.
While Kmart is reporting the breach today, the company claimed that it only detected the breach yesterday, on Oct. 9. With barely a day of investigation, Kmart has already been able to determine a number of key facts about the breach that affected its stores.
Kmart's investigation has led the company to believe that the breach began in early September. While Kmart has not specifically said what type of malware infected its systems, the company noted that the malware used was "undetectable by current antivirus systems."
There are multiple known forms of POS malware impacting retailers today. Perhaps the most prevalent is the Backoff malware, which was first reported in August and has infected at least 1,000 retailers. Ice cream chain Dairy Queen reported on Oct. 9 that it was the latest victim of Backoff in an attack that impacted 395 of its stores.
Kmart claims its preliminary investigation shows that debit card PIN numbers and Social Security Numbers were not stolen in the breach. Kmart has not yet publicly disclosed how many of its stores have been affected or how many customers may be at risk.
In a statement, Kmart emphasized that customers at not liable for any fraudulent charges.
"We want our members and customers to be aware of the situation, and we suggest that customers carefully review and monitor their debit and credit card account statements," Kmart said in a statement. "If customers see any sign of suspicious activity, they should immediately contact their card issuer."
The company noted that it is working with law-enforcement officials as well as IT security firms as part of an ongoing investigation. Going a step further, Kmart stated it will now be deploying "advanced software" to further protect its customers.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.