Financially troubled Sears Holdings has confirmed that hackers recently breached the credit card processing system for some of its Kmart stores, and that some customers’ cards might have been compromised.

But the corporation said neither Sears nor Kmart was deeply affected by the attack, which was the second of its kind since late 2014.

“Our investigation to date indicates our Kmart store payment data systems were infected with a form of malicious code (similar to a computer virus) that was undetectable by current anti-virus systems,” Sears Holdings said in a statement.

“Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.”


Even so, cyber analysts routinely tell consumers to check their credit card statements when such a breach happens.

This incident “is a reminder that criminals still find it profitable to hack credit card data, in this case from a large retailer that went through the same thing less than three years ago,” said Stephen Cobb, a senior researcher in the San Diego office of ESET, a cybersecurity firm.

“Sadly, the American consumer is all too accustomed to hearing that their credit card ‘may have been compromised’ by a data breach at a big name store, restaurant or hotel,” he added. “We are all now familiar with the usual post-breach notice advice, but as a reminder, here is the short version: Check your account for suspicious activity, change your debit PIN, check your credit report and for good measure, change your online shopping passwords.”

Cobb said “Something striking about this breach is the language Kmart used in its announcement, which stated ‘store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls.’


“This sounds like a defensive statement, perhaps because this is the second breach for this retailer. But it is a claim that is very hard to verify (unless you have access to a state-of-the-art software testing facility that can assess the real-world capabilities of the dozens of security solutions that are on the market today).”

Kmart isn’t the only major chain recently hit by hackers. Over the Memorial Day weekend, Chipotle acknowledged that most of its stores had been hacked by criminals using malicious software.


Cybersecurity Playlist × On Now Senator Elizabeth Warren (D-Mass.) slams Equifax On Now LA 90: Yahoo data breach worse than originally reported On Now Lifelock offers to protect you from the Equifax breach — by selling you services provided by Equifax 1:02 On Now California beer maker thrives in Germany On Now Cyberattacks on Hollywood On Now Hackers gain access to OneLogin On Now What is WannaCry? On Now Senate overturns privacy rules for Internet providers On Now Online pirates claim to hold Disney's latest 'Pirates of the Caribbean' movie hostage, demand ransom On Now Yahoo warns users of malicious activity

Twitter: @grobbins

gary.robbins@sduniontribune.com