Sears Holdings Corp., which owns Kmart, announced on Friday that customer credit and debit cards used at some Kmart retailers may have been vulnerable to a malicious software attack.
The company said in a statement that the breach appeared to have started in early September, and it was discovered by Kmart's IT team on Thursday. Kmart was quick to note that no personal information, such as debit PIN card numbers, email addresses, or social security numbers appeared to have been compromised. The company added that Kmart.com shoppers did not appear to have been impacted by the breach at all.
A spokesman for Sears declined to comment on the exact number of credit and debit cards affected, but he told The Wall Street Journal that the company is working with both the U.S. Secret Service and independent security firms to investigate the attack further. The company is also offering shoppers who have used their debit or credit cards at a Kmart over the past month free credit monitoring.