Alasdair James, President and Chief Member Officer of Kmart, announced on Thursday that the company’s payment systems were hacked. Kmart’s IT team detected the breach of store payment systems. A preliminary investigation revealed a deliberate infection of the store’s system with a new form of malware that compromised credit and debit cards numbers. Kmart says it does not believe personal information such as PIN numbers, email addresses or social security numbers were affected. The company’s website, Kmart.com, so far has not been affected by the breach.
A spokesman for Kmart said in a statement “Our investigation to date indicates the breach started in early September. According to the security experts we’ve been working with our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems. We were able to quickly remove the malware. However we believe debit and credit card numbers have been compromised.”
According to Kmart the data breach was contained. Customers whose credit card information may have been stolen will not be held liable for unauthorized charges. A company spokesperson told SecurityWeek that they are not able to provide a figure on the number of customers impacted. Kmart is also offering free credit monitoring protection to any customer who made a purchase using a debit or credit card in any of its stores in September or October up to Thursday’s announcement. Kmart is currently working with federal law enforcement authorities, banking partners and security experts to solve the hack. The company did not reveal what security experts it was working with.
In another breach Dairy Queen reported that nearly 400 of its restaurants across the country have been hacked. The company blamed the ‘Backoff’ malware for the breach. According to Dairy Queen the malware entered the the company’s systems through a “third-party vendor’s compromised account credentials.” Dairy Queen said it has contained the malware. The hacked system contained customers names, payment card numbers and expiration dates, according to the company. Dairy Queen said the intrusion took place between August and October, but varies at each location.
Dairy Queen posted an online list of 395 restaurants including Orange Julius outlets where payment card data was compromised. Click here for the full list. Dairy Queen owns more than 4,000 stores.
For more information please see;