A data breach at Kmart stores may have compromised some customers’ credit and debit cards, parent company Sears Holdings has said.
The data theft at Kmart that started last month is the latest in a string of hacking attacks on big US retailers including Target, Supervalu and Home Depot.
Sears, which also operates Sears stores, said Kmart’s information technology department detected a breach of its payment data systems on Thursday.
The company was unable to provide the number of affected cards but said that based on its investigation so far, it believes no personal information, debit card PIN numbers, email addresses or social security numbers were obtained by the hackers. There was also no evidence that Kmart.com shoppers were affected, it said.
Sears said Kmart was able to remove the malicious software from its systems.
The news of the hack is a blow to Illinois-based Sears Holdings, which is struggling with losses and sales declines as it fights to stay relevant with shoppers.
Sears said Kmart was working with law enforcement authorities and banking partners as it investigated the breach. It was also deploying software to protect customers’ information.
The company said it would be providing free credit-monitoring protection for customers who shopped with a credit or debit card at Kmart stores during September and up to Thursday. It also stressed that customers had no liability for unauthorised charges if they reported them in a timely manner, according to the policies of most credit card companies.
Sears said that the most up-to-date information would be available on its website, kmart.com, and customers could contact its customer care centre.
The announcement comes a few weeks after Home Depot, America’s largest home improvement chain, said a data breach that lasted for months at its stores in the US and Canada affected 56 million debit and credit cards. A pre-Christmas 2013 attack at Target compromised 40 million credit and debit cards.
The size of the theft at Home Depot trails only that of TJX Companies’ theft of 90 million records disclosed in 2007.
Target’s high-profile breach pushed banks, retailers and credit card companies to increase security by speeding the adoption of microchips in US credit and debit cards.
Supporters say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register.