Kmart registers hacked, customers' credit & debit cards numbers stolen

Retail chain Kmart has just announced that its in-store payment systems have been compromised for over a month now, and there is a strong chance that customers' credit and debit card numbers have been compromised. Details are still scarce at this point, but it is clear that Kmart joins recent retail victims Target and Home Depot in having their registers affected by malware.

The company made the announcement on Friday afternoon, explaining that on the day before, October 9th, they had discovered their payment data systems had been the target of hackers since the beginning of September. Kmart's IT department hasn't disclosed the scale of the breach yet, including how many card numbers may have been stolen nor how many stores were affected, but they do know that "certain debit and credit card numbers have been compromised."

The two pieces of good news to come out of this so far are that Kmart can confirm that personal information such as email addresses, social security numbers, and even PIN numbers, was not among the data stolen, and that those who shopped on Kmart's website seem to be safe from any malware. Unfortunately anyone who made a purchase at a retail location from the beginning of September through October 9th appears to be at risk and should consider contacting their card companies or financial institutions.

Kmart's statement has little to say about how the security breach took place, only revealing that the malware that was discovered was "undetectable by current anti-virus systems," making it similar to the hackings that have taken place during point-of-sale credit card transactions earlier this year. The malware has been removed and it is now safe to shop at Kmart stores, while the company says it will continue to work with law enforcement, security firms, and banking institutions as part of the investigation.

VIA SecurityWeek