On Thursday, Oct. 9, Kmart confirmed that they had suffered data breach, in which customer credit and debit card numbers were exposed. Hackers executed the attack by placing malware on the discount retailer’s point-of-sale system.
Experts believe the malware was first installed in early September and went undetected by Kmart’s current anti-virus software for nearly a month. The retailer has since brought in outside security experts and is working with federal law enforcement to resolve the issue.
It is unknown how many Kmart locations were impacted by the attack.
Just last Thursday; Dairy Queen announced that “Backoff” malware exposed customer payment card information at 395 of their stores. This is the same type of malware used in the Target data breach.
The Department of Homeland Security released an advisory this summer, warning businesses of “Backoff” malware on point-of-sale systems. It is not yet known whether “Backoff” was responsible for Kmart’s point-of-sale breach as well.
Despite thieves making off with payment card numbers, Kmart’s President Alasdir James insisted in the company’s press release that “no personal information, no debit card PIN numbers, no email addresses and no Social Security numbers were obtained by those criminally responsible.”
What should you do?
Customers who used their payment card at Kmart within the past month should take the following precautionary measures:
- Monitor your bank statements for unusual transactions
- Check your credit report
- Report any unusual activity; remember, credit card companies will not hold customers liable for fraudulent charges as long as they are reported quickly
- Contact your financial institution to set up email or text alerts for your credit or debit cards
- Enroll in free credit monitoring protection by contacting Kmart’s customer care center at 888-488-5978 or visiting kmart.com.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.