Kmart Investigating Payment Security Incident
May 31, 2017
To Our Members,
I am reaching out to inform our loyal Kmart customers of a recent payment security incident. We recently became aware Kmart was a victim of a security incident involving unauthorized credit card activity after certain customer purchases at some of our stores. We immediately launched a thorough investigation and engaged leading IT security experts to review our systems and secure the affected part of our network.
Our investigation to date indicates our Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.
Based on the forensic investigation, NO PERSONAL identifying information – including names, addresses, social security numbers, birth dates and email addresses – was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. All Kmart stores were EMV “Chip and Pin” technology enabled during the time that the breach occurred, and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited. There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.
It is important to note that the policies of most credit card companies state that customers have no liability for any unauthorized charges if they report them in a timely manner. We suggest that customers carefully review and monitor their debit and credit card account statements. We sincerely apologize for any inconvenience this may cause our members and customers.
Given the criminal nature of this attack, Kmart is continuing to work closely with federal law enforcement authorities, our banking partners, and IT security firms in an ongoing investigation. We are also actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats.
Customers who wish to access the most up-to-date information can learn more at our website, kmart.com, or contact our customer care center at any time at 888-488-5978.
Senior Vice President
Retail Operations, Sears & Kmart