Kmart Latest Breach Victim

Oct. 14, 2014

Kmart Latest Breach Victim After a brief respite as the main target of hackers, a major retailer is in the news after experiencing a breach of its network security. Sears Holdings on Friday acknowledged the POS systems at an unknown number of Kmart stores have been compromised. The company said it learned of the intrusion only the day before and that shoppers who visited Kmart locations from the beginning of September through Oct. 9 could be in danger of having their credit or debit card numbers stolen. The company said its early-stage investigation indicates no personal information, debit card PIN numbers, email addresses or social security numbers were stolen, but that “certain debit and credit card numbers have been compromised.”

The breach highlights the evolving threat posed by hackers in that Kmart executives said the malware used to defeat its security measures was new and “undetectable by current anti-virus systems.” The intrusion also indicates again the difference between compliance with PCI standards and actual security , which requires heightened and constant attention by retailers and financial institutions. Kmart said the breach has been contained, the malware removed and the company continues to work with law enforcement and a third-party forensic company to investigate.