Skip to main content

Kmart is the latest retailer to have its payment systems hacked

Kmart is the latest retailer to have its payment systems hacked


An undisclosed amount of debit and credit cards may be at risk

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Target, Home Depot, Neiman Marcus, and PF Changs have all had their payment systems hacked in recent months — now you can add Kmart to that list. According to a recent SEC filing and confirmed in a statement from the company, the Sears-owned department store chain discovered on October 9th that its "payment data systems had been breached" by hackers, and the company believes that "certain debit and credit card numbers have been compromised." Unfortunately, it's not clear yet how extensive this attack was, but the company does note that it believes it was vulnerable from early September through yesterday, when it removed the malware responsible for the attack.

On the plus side, Kmart says that PIN numbers, social security numbers, email addresses, and other personal information were not accessed in this hack; shoppers should also be in the clear. While Kmart isn't disclosing exactly how the breach took place yet — aside from saying that the attack was carried out by a "form of malware that was undetectable by current anti-virus systems" — it sounds similar to the other recent retailer attacks, which have focused on point-of-sale credit card readers.

Of course, the retailer is "working closely with federal law enforcement authorities, banking partners and IT security firms," and the company is also offering free credit monitoring services for anyone who shopped at Kmart from the month of September through October 9th — an offer that has become commonplace from retailers who've been hacked.