Some Kmart stores were targeted by hackers, leading to unauthorized activity on some of its customers’ credit cards, the retailer’s parent company said.
Sears Holdings Corp. (SHLD) said in a blog post late Wednesday that Kmart’s store payment systems were recently infected with virus-like computer code it described as “undetectable” by current anti-virus systems.
It said some credit card numbers were stolen. A Sears Holdings spokesman said the investigation into the hack is still ongoing, so details on the dates of the breach, how many customers were affected and which stores were targeted, were not available. Not all Kmart stores were affected, he said. Kmart had 624 stores at the end of April.
No personal information, such as names, addresses, social security numbers and email addresses, was pilfered, the company said.
Sears Holdings, which is based in Hoffman Estates, Illinois, said it has removed the hackers’ code and is confident Kmart customers can safely use their credit and debit cards in its stores.
There is no evidence kmart.com or Sears customers were affected, it added.
Sears Holdings also said that given its rollout of more secure cash register systems, it believes that the exposure of cardholder data that can be used to create counterfeit cards was limited.
“Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats,” said the company in the blog post.