Kmart discloses malware related data breach

On the same day that Dairy Queen announced their own malware-based data breach, Kmart (owned by Sears Holdings Corp.) reported the discovery that credit and debit cards were compromised after criminals installed malware on their payment systems.

According to the company, IT staff discovered the malware on Thursday (October 9). Additional investigation into the matter revealed that their systems were infected in early September.

The data compromised by the POS malware is commonly referred to as Track 2 data, which would enable a criminal to clone the customer’s card. However, other personal information was not exposed.

“Based on the forensic investigation to date, no personal information, no debit card PIN numbers [sic], no email addresses and no social security numbers were obtained by those criminally responsible,” Kmart said in a statement.

The incident only affects in-store shoppers only, as Kmart.com was not part of the breached systems. In response, Kmart says they’re offering customers credit monitoring (888-488-5978).

Kmart didn’t name the malware detected, but given the pattern in recent months, it’s likely that they, like Dairy Queen, were compromised by a variant of Backoff – a family of malware that targets POS systems.

In July, the US Secret Service warned retailers about Backoff, advising them that criminals were targeting poorly protected instances of RDP, including services from Microsoft, Apple, Chrome, Splashtop 2, Pulseway, LogMeIn, and Join.Me.

At the time of the initial warning, criminals had targeted some 600 businesses with Backoff.

On Thursday, Dairy Queen said that Backoff was responsible for POS compromises at nearly 400 stores. Kmart said that their investigation is ongoing, and that they are working with federal authorities.