Hackers were back and, yes, they did it again. Kmart’s parent company, Sears Holdings Corporation, confirmed Wednesday that some of the 735 K-mart locations nationwide have been affected by yet another security breach, which is the second since 2014. The credit card processing system was infected with a malware-based code that might have compromised some customers’ cards, leading to unauthorized activity.
The virus-like malicious code, undetectable by present anti-virus systems, led to some customers’ credit card numbers being stolen, according to Sears Holdings.
The code was removed and the breach was contained. The company, which is based in suburban Hoffman Estates, IL, contends that there isn’t any evidence that either kmart.com or Sears customers were adversely impacted. At the same time, however, the company says that personal data was not pilfered; names, social security numbers, addresses, including email, were not targeted in the attack.
Sears says it’s safe for customers to use charge cards
The company says it is confident that customers can use debit and credit cards safely in its stores. Kmart also states that the company is working with private security firms and federal investigators in response to the criminal hacking attack.
The malware intrusion was first reported by a cybersecurity blog, Krebs on Security.
Krebs noted that both debit and credit cards using chips, rather than magnetic strips, for making purchases are “generally” more secure when it comes to data theft.
Sears Holdings has established a line for customers who have any questions about the current intrusion incident: (888) 488-5978.
Following a similar security breach in October 2014, Gareth Glynne, senior vice president at Sears, said the hackers are thought to have obtained and used the stolen data for creating counterfeit cards and for making purchases.
He further stated that the company believed the data for making counterfeit cards was limited.
Since the data breach in 2014, a federal judge in Chicago sanctioned a $5.2 million settlement reached in a class action lawsuit that financial companies brought against Kmart for the security intrusion. The settlement includes $1.7 million for plaintiffs’ attorneys.
Dust still settling from class action lawsuit for October 2014 security breach
Judge John Lee, U.S. Northern District of Illinois, signed off on the settlement on May 19. Among plaintiffs that filed the class action suit in 2015: Governmental Employees Credit Union and Oteen V.A. Federal Credit Union, First Choice Federal Credit Union, Gulf Coast Bank & Trust Company, and Greater Chautauqua Federal Credit Union.
The plaintiffs’ asserted that because Kmart failed to protect its customers’ debit and credit card data, hackers stole confidential information. When the hackers then, made fraudulent purchases with the cards, it resulted in the plaintiffs and financial institutions spending money and replacing cards and cover those purchases.
An estimated 8.1 million cards were affected, according to the suit.
Wayne R. Andersen, a mediator and retired federal judge, assisted in plaintiffs and Kmart reaching the multi-million dollar settlement. Judge Lee reviewed the agreement in 2016 and set deadlines for the process, including claims and for objections. No one objected. May 19 Judge Lee ratified the agreement and scheduled a June 16 status hearing. At that time, the judge has to approve the final allocation plan.
