Kmart which is a chain of discount department stores has been the latest company to disclose that they have suffered a data breach which has compromised customers’ credit and debit card information.
Cyber-thieves managed to infect cash registers at 1,200 Kmart stores with malware which collected the debit and credit card details. It has been reported that the malware remained undetected for over a month and was discovered on the 9th October.
In a statement that was released by Alasdair James who is the President and Chief Member Officer, it was confirmed that they have launched a full investigation and that confidential data has been compromised.
James stated, “On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached and immediately launched a full investigation working with a leading IT security firm. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised.”
Alasdair James also stated that the initial investigation has revealed that no personal information such as social security numbers or PIN numbers has been compromised and that the malware has been contained and removed.
James added, “Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed.”
In an attempt to help protect and appease the affected customers, Kmart are offering free credit monitoring protection for the affected customers to ensure that any fraudulent use of their cards doesn’t affect their credit score.
Kmart have become the latest American company to have suffered a data breach which has resulted in confidential data being compromised. Other companies such as Home Depot and JPMorgan Chase have also been successfully targeted by cyber-thieves in recent times which shows the importance to remain proactive when it comes to security of systems and data.
American retailer Home Depot has confirmed that they have suffered a data breach after conducting an investigation.
Even though the overall number of those affected is yet unknown, it is being reported that the data breach could be one of the largest ever seen.
Home Depot chairman Frank Blake has said that they owe it to their customers to inform them that a data breach has occurred.
Blake stated, “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It is important to emphasise that no customers will be responsible for fraudulent charges to their accounts.”
As previously reported, Home Depot had confirmed that they were conducting an investigation after Brian Krebs reported on his website that several banks believe that Home Depot is the source of the data breach which has exposed credit and debit card information.
Krebs has also confirmed that some of the stolen details have already emerged for sale on Rescator which will allow fraudsters to counterfeit cards and possibly personal identities.
Krebs stated, “The zip code data is important because it allows the bad guys to quickly and more accurately locate the social security number and data or birth of cardholders using criminal services in the underground that sell this information.”
American retailer Home Depot has confirmed that they are currently investigating a possible data breach which may have resulted in customer credit and debit card information being compromised.
Home Depot is currently working with the police to see if they have suffered a data breach after security expert Brian Krebs reported that hackers are selling details of stolen credit and debit cards used at the retailer.
Paula Drake who is a spokeswoman for Home Depot has confirmed that that they are currently investigating a possible data breach and that they will notify customers immediately if the investigation concludes that data has been compromised.
Drake stated, “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately.”
Brian Krebs reported on his website that several banks believe that Home Depot is the source of the data breach which has exposed credit and debit card information. Krebs also reported that the stolen information could go back to April or May and that there are signs that the data was stolen by the same group who were involved in the Target data breach.
Krebs stated, “There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target … among others.”
The Target data breach resulted in 40 million credit and debit card data information and personal data belong to a total of 70 million customers being compromised.
Brian Krebs also stated that the stolen information was for sale on Rescator was labelled American sanctions. Krebs believes that this was retribution for the US and European sanctions against Russia.