Discount retailer Kmart said a data breach of its systems had compromised some customers’ debit and credit card numbers, in the latest cybersecurity attack against a major US store.
No personal information, debit PIN numbers, email addresses or social security numbers, however, had been gleaned during the episode, which began in early September and was detected on Thursday.
“Our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems,” department store operator Sears Holdings, which owns retailers Kmart and Sears, said in a statement.
There was no evidence that online customers at kmart.com had been affected, and the company gave no indication as to how many cards were compromised.
Kmart “immediately launched a full investigation working with a leading IT security firm” and was working closely with federal law enforcement authorities and partner banks, the statement said.
The company added that it had “deployed advanced software to protect our customers’ information” and that the store would offer free credit card monitoring to customers who had shopped at the retailer September through Thursday.
Kmart, which has a network of 1,200 stores across the United States, is only the latest US retailer to be hit by a cyberattack.
In mid-September home-improvement retailer Home Depot announced a data breach that affected as many as 56 million customer payment cards between April and September.
The incident followed a similar case involving Kmart rival Target, which disclosed last December that hackers gained access to credit card data for 40 million customers and to additional personal and identification information for 70 million others.