Check Your Accounts: Kmart Suffers Data Breach, its Second in Three Years

If you shop at Kmart and use a credit or debit card to pay for your purchases, it would be a good idea to comb through your account statements and be sure there are no unauthorized charges.

Kmart’s parent company, Sears Holdings, just confirmed the retailer experienced a data breach that exposed customer credit card data to hackers.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” Howard Riefs, a spokesman for Sears Holdings, said in a statement. “Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.”

As with many breaches, it was Krebs On Security that broke the news, pointing out this is the second time in less than three years that Kmart has suffered a data breach. Like this recent breach, the earlier breach also involved malware designed to steal card data from hacked point-of-sale devices.

Kmart.com customers were not affected and no personal identifying information — names, addresses, email addresses or Social Security numbers — was stolen, according to the statement.

The company has 735 locations nationwide but has not disclosed how many were affected or how long the data was being leaked before the malware was eradicated. According to a 14-question FAQ PDF the company released, it does not believe this security incident has any link to the previous one.

The previous incident, which was announced in October 2014, resulted in a class action lawsuit against Kmart alleging violations of “state consumer fraud statutes based on Kmart’s allegedly inadequate payment card security protocols,” according to an information website about the settlement, which included a $5.4 million settlement fund used to pay the claims of eligible settlement class members. The deadline to file a claim from the earlier breach ended April 18, less than six weeks prior to this new breach being uncovered.

Remember, you must report any unauthorized charges on your debit or credit card in a timely manner — within 60 days of the first statement that contained the charges in dispute — if you want to be reimbursed.

 

