Kmart Stores Hit By Data Breach
Kmart, the huge retailer owned by Sears Holding Co., has reported that it is the latest victim of a point of sale malware attack. The attack happened at the end of last week. Both the FCC and customers were informed via official documents and a small notice on the Kmart web site. Other than that, the company was rather quiet about the whole thing.
Track 2 Data Stolen
The reason may be that in this instance “only” track 2 data was intercepted which means information about payments cards only. Other sensitive information like customer names, home addresses, social security numbers, card PIN numbers and email addresses were not intercepted.
IT Security Specialists
Kmart has been working with a reputable security firm to examine the issue. They say that they have now successfully removed all the malware from point of sale systems at affected Kmart branded stores.
Krebs on Security
The Sears spokesman told Krebs on Security web site, a leading security blog, that the malware was of a type that could not be detected by existing malware detection software. With that said, the malware was successfully removed nonetheless.
Purpose of the Data Theft
Card information has been stolen, so data thieves could manufacture new fake plastic or try to use them to go shopping online. However, Sears have so far detected no fraudulent transactions at the present time. The company has been working closely with the FBI over the intrusion with a view to law enforcement officials catching those who were responsible.
Sears or Roebuck store point of sale systems have been unaffected because the malware was targeting Kmart branded stores only.