Malware Based Credit Card Breach at Kmart

  • 11 October 2014
  • 7 replies
  • 3782 views

Userlevel 7
Sears Holding Co. late Friday said it recently discovered that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customer credit and debit card information. The company says it has removed the malware from store registers and contained the breach, but that the investigation is ongoing.
“Yesterday our IT teams detected that our Kmart payment data systems had been breached,” said Chris Brathwaite, spokesman for Sears. “They immediately launched a full investigation working with a leading IT security firm. Our investigation so far indicates that the breach started in early September.”
According to those investigators, Brathwaite said, “our systems were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised.”
Brathwaite stressed that the data stolen included only “track 2” data from customer credit and debit cards, and did not include customer names, email address, physical address, Social Security numbers, PINs or any other sensitive information.
However, he acknowledged that the information stolen would allow thieves to create counterfeit copies of the stolen cards. So far, he said, Sears has no indication that the cards are yet being fraudulently used.
Sears said it has no indication that any Sears, Roebuck customers were impacted, and that the malware infected the payment data systems at Kmart stores only.
 
http://krebsonsecurity.com/


Userlevel 7
The following article is an update
 

(Kmart apologizes to customers after month-long security breach)

By Paul Kunert, 12 Oct 2014
 
Discount store Kmart admitted some customers’ payment cards have likely been “compromised” as it became the latest mega retailer to fall victim to cyber-crims.
The parent of the chain, Sears Holding Corp, said the IT team discovered late Thursday that its payment systems had been breached, and further investigations indicate this had started early last month.
 
Security experts hired by the group found the internal processing systems became “infected with a form of malware that was undetectable by current anti-virus [wares]”, the company said.
 
The Register/ Article/ http://www.theregister.co.uk/2014/10/12/kmart_cyber_attach/
Userlevel 7
I'm surprised that Kmart is still in business. Mostly wherever you find a Kmart, you will find a Walmart very near. I know in my area not many people shop at Kmart. This breach should do wonders for their few customers.  
Userlevel 7
We have a KMart here, and I have been quite surprised it has survived.  It is almost always pretty much empty, though they do have some dedicated customers who go there, even while prices are a bit higher, as it is not the crowded mess WalMart is.
 
I certainly have not kept them in business... I tend to go there only when I can't find something somewhere else in town.....  and of course I fail to find it there too LOL!
Userlevel 7
by Liora R. Herman on November 9, 2014
 
Move over “clean up in aisle 3”. There’s a more important announcement for Kmart shoppers coming over the P.A. system — or rather, published on the company’s website in a bulletin from President and Chief Member Officer Alasdair James: bad actors have breached the Point of Sale (PoS) system.
Kmart, which is owned by Sears, is among a swath of retailers — including Staples, Dairy Queen and Jimmy Johns — that have been successfully breached over the past month. Here’s what is known so far:
  • Kmart’s IT team discovered the breach on October 9
  • A subsequent investigation has revealed that the attack started in early September, and that bad actors infected payment data systems with “a new form of malware”
  • So far, no personal information (e.g. debit card PINs, email addresses, Social Security numbers) has been compromised
  • There is no evidence that online shoppers using Kmart.com were affected
Userlevel 7
Kmart informed their customers of the breach by calling both of them.
 
😃
Userlevel 7
@ wrote:
Kmart informed their customers of the breach by calling both of them.
 
:D
Was that before they closed 1 of the 2 stores still open or after?  ;)
Userlevel 7
@ wrote:
@ wrote:
Kmart informed their customers of the breach by calling both of them.
 
:D
Was that before they closed 1 of the 2 stores still open or after?  ;)
LOL. One customer per store.
