Kmart Investigating Payment System Breach

October 10, 2014

To Our Members,

I am reaching out to inform our loyal Kmart customers of a recent payment security incident. On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached and immediately launched a full investigation working with a leading IT security firm. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised.

Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.

It’s important to note that the policies of the credit card companies state that customers have zero liability for any unauthorized charges if they report them in a timely manner.

The privacy and security of our customers’ information is of utmost importance to us, and we are committed to doing everything we can to safeguard our customers’ information in the face of a recent surge of data attacks. To further protect our members and customers who shopped with a credit or debit card in our Kmart stores during the month of September through yesterday (Oct. 9, 2014), Kmart will be offering free credit monitoring protection.

Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, our banking partners as well as security experts in this ongoing investigation.

I want our customers to be aware of the situation and I suggest that customers carefully review and monitor their credit and debit card account statements. If customers see any sign of suspicious activity, they should immediately contact their card issuer. More guidance is also available on our website, kmart.com.

Sincerely,