Kmart Confirms Month-long Hack

Why happened?Kmart_logo.svg

On Thursday, Oct. 9, Kmart confirmed that they had suffered data breach, in which customer credit and debit card numbers were exposed. Hackers executed the attack by placing malware on the discount retailer’s point-of-sale system.

Experts believe the malware was first installed in early September and went undetected by Kmart’s current anti-virus software for nearly a month. The retailer has since brought in outside security experts and is working with federal law enforcement to resolve the issue.

It is unknown how many Kmart locations were impacted by the attack.

The data breach mirrors other notable breaches, as malware has been at the heart of almost all of them. This includes Target, Home Depot and most recently Dairy Queen.

Just last Thursday; Dairy Queen announced that “Backoff” malware exposed customer payment card information at 395 of their stores. This is the same type of malware used in the Target data breach.

The Department of Homeland Security released an advisory this summer, warning businesses of “Backoff” malware on point-of-sale systems. It is not yet known whether “Backoff” was responsible for Kmart’s point-of-sale breach as well.

Despite thieves making off with payment card numbers, Kmart’s President Alasdir James insisted in the company’s press release that “no personal information, no debit card PIN numbers, no email addresses and no Social Security numbers were obtained by those criminally responsible.”

What should you do?

Customers who used their payment card at Kmart within the past month should take the following precautionary measures:

  1. Monitor your bank statements for unusual transactions
  2. Check your credit report
  3. Report any unusual activity; remember, credit card companies will not hold customers liable for fraudulent charges as long as they are reported quickly
  4. Contact your financial institution to set up email or text alerts for your credit or debit cards
  5. Enroll in free credit monitoring protection by contacting Kmart’s customer care center at 888-488-5978 or visiting

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.


Leave a Comment.