Some small banks and credit unions received alerts from the credit card companies about batches of stolen cards used at Kmart locations, according to cybersecurity expert Brian Krebs.
Commenting on this card breach, Kmart’s parent company Sears Holdings said that Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls. Furthermore, the company has immediately launched a thorough investigation and engaged third party forensic experts to review their systems and secure the affected part of their network.
Nevertheless, based on the forensic investigation, information such as names, addresses, social security numbers, and email addresses was not obtained by those criminally responsible. In October 2014, Sears announced a very similar breach in which the company also stressed that the data stolen did not include customer names, email addresses or other personal information.
Both breaches involved malware designed to steal credit and debit card data from hacked point-of-sale (POS) devices. The malware copies account data stored on the card’s magnetic stripe. Armed with that information, fraudsters can effectively clone the cards and use them to buy high-priced merchandise from electronics stores and big box retailers.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now