There was another malware-based data security breach of credit card processing systems at Kmart Stores, and it’s the second one in less than three years.
Sears Holdings, the parent company of Kmart, reports having launched an investigation into the events. They are also working with third-party forensic experts to get to the bottom of this and secure their systems.
It turns out their payment data systems were infected with a certain type of malware that slipped past the radar of the current antivirus systems and application controls. Reportedly, they have already dealt with the issue, so it’s safe use credit cards in their retail stores once more.
Although there is no evidence that customers were impacted, Kmart officials believe that credit card numbers have been compromised. Luckily, no personal identifying information was compromised, such as names, social security numbers, addresses, or emails.
Sears Holdings opted against commenting on how many of their 735 locations were affected by this, as the investigation is still ongoing. However, at least two sources seem to suggest that not all the stores were affected. If all locations had been affected, they would probably be seeing much bigger alerts from the credit card companies about the compromised accounts.
In October 2014, there was a similar data security breach at Kmart Stores, involving similar types of data being stolen while other types were unaffected. At that time, their point-of-sale systems were infected as well.
The stolen data potentially enables the perpetrators to produce counterfeit credit cards, stealing the funds available on them. However, chipped cards make this a difficult and expensive process.