Sears Holdings Corp. announced late Friday that it detected a data breach at its Kmart stores that started last month and that certain customers' credit and debit card accounts have been hacked.
The data theft at Kmart is the latest in a string of incidents that have hit several big retailers, including Target, Supervalu and Home Depot. For the Hoffman Estates, Illinois-based parent company, however, the breach comes at a time when it's struggling with losses and sales declines as it fights to stay relevant with shoppers.
Sears Holdings, which also operates Sears stores, says that Kmart's information technology department detected on Thursday that its payment data systems had been breached. But it couldn't provide the number of affected cards. However, it said that it was able to remove the malware. It also noted that based on a forensic investigation to date, no personal information, debit cards, PIN numbers, email address, and social security information were obtained by the hackers. And there's no evidence that Kmart.com shoppers were affected.
Sears says Kmart immediately launched a full investigation and is working with a leading security firm. It added that it's also working closely with federal law enforcement authorities and banking partners in this ongoing investigation. Kmart is also implementing further advanced software to protect customers' information.
The company said that it will be providing free credit monitoring protection for those customers who shopped with a credit or debit card in its Kmart stores during the month of September through Thursday. It also emphasized that customers have no liability for any unauthorized charges if they report them in a timely manner, according to the policies of most credit card companies. Sears said that the most up-to-date information will be available on its website, kmart.com and customers can contact its customer care center at 888-488-5978.
The announcement comes a few weeks after Home Depot, the nation's largest home improvement chain, said that a data breach that lasted for months at its stores in the U.S. and Canada affected 56 million debit and credit cards. That's far more than a pre-Christmas 2013 attack at Target Corp., which compromised 40 million credit and debit cards.
The size of the theft at Home Depot trails only that of TJX Companies' heist of 90 million records disclosed in 2007.
Target's high-profile breach pushed banks, retailers, and credit card companies to increase security by speeding the adoption of microchips in U.S. credit and debit cards. Supporters say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point of sale terminal, chip cards use a one-time code that moves between the chip and the retailer's register.