“Our investigation to date indicates our Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems,” the letter said. “Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.”
» RELATED: Kmart, Sears stores to close in Ohio
Credit card numbers were compromised by the hack, but Kmart said no personal identifying information – including names, addresses, social security numbers, birth dates and email addresses – was obtained during the hack.
The company does not believe its kmart.com or Sears customers were impacted or that debit PIN numbers were compromised, according to a letter posted on Kmart’s website by Gareth Glynne, senior vice president of retail operations.
» Are Sears and Kmart closing near you? Company issues somber notice
“Given the criminal nature of this attack, Kmart is continuing to work closely with federal law enforcement authorities, our banking partners, and IT security firms in an ongoing investigation. We are also actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats,” Glynne wrote.
Customers can contact the customer care center at 888-488-5978.
About the Author