Sears Holding Corp. Friday revealed that point-of-sale malware was discovered at its Kmart stores.
The malware was undetectable by current anti-malware software. The retailer’s IT experts detected the malware and quickly removed it, but not before some customer data was likely compromised, the company said.
Any stolen data was only “track 2” data, meaning that names, email addresses, Social Security numbers, PINs, physical addresses, and other similar private information were not affected.
IT experts at Kmart appear to be on top of things, apparently quickly discovering and excising the point-of-sale malware infecting their system. Cyber-thieves didn’t get deep layers of data, although what they did get could be used for a variety of fraudulent purposes.
This is the last thing that Kmart’s parent, Sears Holding Corp., needs right now, as the retailer teeters on the brink. And it’s just another reminder that payment security is a significant problem for retailers and their customers, to say the least.