“Our Kmart store payment data systems were infected with a form of malicious code that was undetected by current anti-virus systems and application controls. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores."Based on forensic information, the retailer has determined personal identifying information, such as names, addresses, Social Security Numbers or email addresses, was not obtained by cybercriminals. Although certain payment card details were compromised, Kmart believes its stores’ EMV “Chip and Pin” technology helped reduce the exposure to cardholder data, which can be used to create counterfeit cards. “We are actively enhancing our defenses in light of this new form of malware,” said Sears spokesman Chris Brathwaite.
“Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats,” said Brathwaite.In October 2014, Kmart reported a similar incident that compromised customer credit and debit cards due to cybercriminals installing malware on payment systems. The retailer said the latest breach does not appear to be linked to a previous security incident. As always, customers are advised to review credit and debit card account statements to determine any discrepancies or unusual activity, and report any instances to their payment card issuer.