Kmart Holding Corp. is the latest retailer to have a data-breach problem.
This story first appeared in the October 13, 2014 issue of WWD. Subscribe Today.
In a regulatory filing on Friday with the Securities and Exchange Commission, Sears Holdings Corp. — the parent of Kmart — said the breach was detected on Oct. 9 by the discounter’s information technology team. The breach was at Kmart’s payment data systems, and the retailer immediately launched a full investigation with a leading IT security team.
The regulatory filing said the investigation indicated the breach started in early September. The security experts working with Kmart said the store payment data systems were infected with a form of malware that was undetectable by current antivirus software. While the filing said Kmart was able to remove the malware, it believes “certain debit- and credit-card numbers have been compromised.”
The forensic investigation, to date, “indicates that no personal information, no debit-card PIN numbers, no e-mail address and no Social Security numbers were obtained,” and there is no evidence that kmart.com customers were impacted, the SEC filing said.
According to Robert Riecker, vice president, controller and chief accounting officer, who filed the statement with the SEC, Kmart is working closely with federal law-enforcement authorities, banking partners and IT security firms in the ongoing investigation. Kmart is also using advanced software to protect customers’ information.