Table of Contents
NEW YORK — Kmart has become the latest retailer to fall victim to data theft.
Kmart has become the latest retailer to fall victim to data theft.
The company says the breach started in early September when Kmart store payment data systems were infected with a form of malware. Hackers are believed to have stolen some credit card and debit card numbers before the malware was found and removed.
"Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no e-mail addresses and no social security numbers were obtained by those criminally responsible," the retailer said in a statement. "There is also no evidence that kmart.com customers were impacted."
The cyberattack, which is being investigated by the Secret Service, is just the latest example of a problem that has plagued retailers and other companies since a massive data breach at Target Corp. grabbed headlines late last year. Earlier this month the bank JPMorgan Chase revealed that a cyberattack in June compromised the accounts of 76 million households and seven million small businesses.
In September Supervalu Inc. and AB Acquisition LLC, which operates stores under the Albertsons, Acme Markets, Jewel-Osco, Shaw’s and Star Markets banners, announced that their credit and debit card data systems had been hacked for the second time.
Supervalu said it believed that the breach only affected four franchised Cub Foods outlets in Minnesota. The systems at those stores had not yet been updated with enhanced protective technologies developed in the wake of an earlier breach that was disclosed in August.
"We care greatly about our customers, and the safety of their personal information will continue to be a top priority for us," said Supervalu president and chief executive officer Sam Duncan. "We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward."
The latest breach also affected hundreds of stores operated by Albertsons. Although it sold the Albertsons, Acme, Jewel-Osco, Shaw’s and Star Markets chains to last year, Supervalu still provides information technology services to the stores.
"We take our responsibility to protect our customer’s payment card data seriously," said AB Acquisition CEO Bob Miller. "We sincerely regret that our customers’ data was targeted. As a company, our decisions are always focused on what is best for our customers, and we know this issue has inconvenienced them and caused concern. We are taking appropriate measures to enhance the protection of our customer’s payment card data. We are working closely with all parties on the investigation into this incident.”
The announcement of the data breach at Kmart happened to come during this year’s National Cybersecurity Awareness Month.
The Retail Industry Leaders Association (RILA) marked the month by encouraging collaboration among all stakeholders in the ecosystem.
"We need to be working with each other, we need to be working with the government, and we need to be working between industries, which is something that we have done after many years of doing battle over a variety of things," said RILA executive vice president for communications and special initiatives Brian Dodge at the Washington Post Cybersecurity Summit 2014 earlier this month. "The financial services industry and the merchant community came together early this year to figure out other ways for us to truly work together because we represent the full length of the payments ecosystem, from the card networks to the big banks, small banks, all kinds of merchants.
"The financial services industry and the merchant community came together early this year to figure out other ways for us to truly work together because we represent the full length of the payments ecosystem, from the card networks to the big banks, small banks, all kinds of merchants."
RILA president Sandy Kennedy noted that no industry is immune to the threat posed by cybercriminals, and urged the public and private sector to work together to find ways to combat the threat.
