Kmart announced late today that it is the latest mega retailer to be breached. The store is currently working with a security firm who is continuing to investigate the breach, which has now been contained.
At this phase, it appears to affect credit and debit card numbers, which were compromised only from retail stores and not Kmart.com.
In a statement on the retailer’s website, the Kmart CEO stated:
Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.
The company reports that the breach occurred sometime in early September and that a new form of malware was installed on their network. However, no information has been provided regarding how the criminals gained access to their network at this stage.