News Feature | October 16, 2014

Kmart Newest Retailer To Announce Security Breach

Source: Innovative Retail Technologies

By Brianna Ahearn, contributing writer

For retailers, 2014 may very well go down as the year of the security breach. As consumers manage the aftermath of previous breaches of retailers, such as Target, Home Depot and Michaels, a new retailer has announced they have suffered a security breach. Department store retailer Kmart announced that on October 9  their information technology team detected a breach of their payment data systems. At this time, only Kmart has been affected, and not their parent company, Sears.  The next day, Sears filed a report with the Securities and Exchange Commission.

A press release by Kmart released on October 10 indicates the company immediately began working with an IT security firm upon discovering the breach. The breach was caused when the store payment data systems were infected with malicious software that went undetected by Kmart's anti-virus software systems. After working with their IT security firm, the retailer was able to remove the malware, but believes data has been compromised. Reuters reported on October 10 that the United States Security Service is currently investigating the incident.

As a subsidiary of Sears Holding Corporation, Kmart currently has around 1,200 around stores throughout the United States. The same day they announced the breach, President and Chief Member Officer of Kmart, Alasdair James, wrote a letter to the retailer's customers. Published on Kmart.com, the letter stresses how seriously the company takes their customers' personal information.

“The privacy and security of our customers’ information is of utmost importance to us, and we are committed to doing everything we can to safeguard our customers’ information in the face of a recent surge of data attacks,” James says in the release.

The breach was indicated to have started at the beginning of September, and to date, there's no evidence that personal information, PIN numbers, email addresses, or social security numbers have been stolen. Sears and Kmart.com customers weren't affected either, according to the press release. Instead, an unknown number of credit card and debit card numbers were stolen. The retailer did not provide a list of locations affected by the breach and assured customers that as long as they reported any unauthorized charges in a timely manner, cardholders weren't liable for the charges. Like SuperValu, a retailer also hit by a security breach recently, Kmart will be providing any customers who used a credit card or debit card September 1, 2014 through October 9, 2014 free credit monitoring protection. The retailer advised any consumers concerned about the breach to contact their customer care center at 888-488-5978.

“Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, our banking partners as well as security experts in this ongoing investigation,” says James.