DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Kmart discovers it was breached in September; discloses breach in SEC filing (UPDATED)

Posted on October 10, 2014 by Dissent

Danny Yadron of the Wall Street Journal just tweeted that Kmart has disclosed a data breach in its SEC filing. Indeed, they have:

On October 9, Kmart’s Information Technology team detected Kmart’s payment data systems had been breached and immediately launched a full investigation working with a leading IT security firm.

The investigation to date indicates the breach started in early September. According to the security experts Kmart has been working with, the Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems. Kmart was able to quickly remove the malware. However, Kmart believes certain debit and credit card numbers have been compromised.

Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted.

Given the criminal nature of this attack, Kmart is working closely with federal law enforcement authorities, banking partners and IT security firms in this ongoing investigation. Kmart is deploying further advanced software to protect customers’ information.

Unlike JP Morgan which disclosed their breach on their site in a coordinated way with their SEC filing, Kmart does not appear to have posted anything on their web site yet.

UPDATE: Thanks to commenter Charlie, who points us to Kmart’s newly added statement on their site.

Category: Business SectorMalwareOf NoteU.S.

Post navigation

← Travelers Says Liability Policy Doesn’t Cover P.F. Chang’s Data Breach
Colorado health officials announce privacy breach →

2 thoughts on “Kmart discovers it was breached in September; discloses breach in SEC filing (UPDATED)”

  1. Charlie says:
    October 10, 2014 at 7:04 pm

    Kmart statement on their website > http://www.kmart.com/en_us/dap/statement1010140.html?adcell=hpnewsrelease

    1. Dissent says:
      October 10, 2014 at 8:07 pm

      Thanks so much! Updated the post to link to their statement.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.