Late Friday afternoon, Kmart kicked off the three-day holiday weekend by announcing that, for most of September, hackers were able to steal customer credit- and debit-card numbers from an unspecified numbers of Kmart stores across the country.
Kmart president and Chief Member Office Alasdair James posted a letter/statement dated Oct. 10 on Kmart's website:
On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached …. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware [which] resulted in debit and credit card numbers being compromised.
Bad news, though James went on to say:
Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.
Kmart is offering free credit monitoring to any customer who used a debit or credit card at a Kmart store anytime from September through Oct. 9 of this year. James ended his letter by offering a Kmart-specific version of the advice everyone has to follow after hackers access some retailer they patronized:
I suggest that customers carefully review and monitor their credit and debit card account statements. If customers see any sign of suspicious activity, they should immediately contact their card issuer. More guidance is also available on our website, kmart.com and customers can contact our customer care center at 888-488-5978.
Kmart still hasn't indicated how many stores were affected, or where. We'll keep you posted as more information becomes available.