© 2024 Kansas City Public Radio
NPR in Kansas City
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Kmart Says Its Store Registers Were Hacked, Exposing Credit Cards

Kmart says it has removed malware that had infected its checkout registers in stores. The company believes the malware may have been in place for about a month before it was detected.
Rachel Murray
/
Getty Images
Kmart says it has removed malware that had infected its checkout registers in stores. The company believes the malware may have been in place for about a month before it was detected.

For about a month, Kmart says, its stores' checkout registers were "compromised by malicious software that stole customer credit and debit card information."

The company, owned by Sears, says it removed the malware from its system after it was discovered Thursday. It announced the exposure late Friday, saying that no personal data or PIN numbers were lost.

While some important customer information seems to have been protected, the breach could still allow criminals to make counterfeit versions of the exposed credit cards.

The company announced the problem on its website, along with recommendations that "If customers see any sign of suspicious activity, they should immediately contact their card issuer." The company also says customers can get more information at its website and over the phone at 888-488-5978.

The number of customers in question hasn't been announced; the vulnerability did not affect online shoppers, the company says.

Saying the breach likely began in early September, Sears announced that to protect anyone "who shopped with a credit or debit card in our Kmart stores during the month of September through yesterday (Oct. 9, 2014), Kmart will be offering free credit monitoring protection."

The data breach affected only "track 2" data, reports security expert Brian Krebs, citing a Sears spokesman who says the information "did not include customer names, email address, physical address, Social Security numbers, PINs or any other sensitive information."

With Friday's announcement, the retailer joins Target, Neiman Marcus and Home Depot on the list of large companies whose customers' data was accessed illegally in the past year.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

Bill Chappell is a writer and editor on the News Desk in the heart of NPR's newsroom in Washington, D.C.
KCUR prides ourselves on bringing local journalism to the public without a paywall — ever.

Our reporting will always be free for you to read. But it's not free to produce.

As a nonprofit, we rely on your donations to keep operating and trying new things. If you value our work, consider becoming a member.