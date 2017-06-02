Financially-troubled Sears Holdings has confirmed that hackers recently breached the credit card processing system of some of its Kmart stores, and that the cards of some customers could have been compromised.

As it turns out, the malicious code used to infect Kmart’s store payment data systems was undetectable to current anti-virus systems and application controls, says Sears Holdings.

NEW YORK (AP) – Some Kmart stores were targeted by hackers, leading to unauthorized activity on some of its customers’ credit cards, the retailer’s parent company said.

“There is also no evidence that kmart.com or Sears customers were impacted”, it said. In Oct. 2014, the company revealed that its systems had been breached the month before.

There are 735 Kmart stores across 49 states in the US.

Despite this, the firm claims that “in light of our EMV compliant point of sale systems, which rolled out a year ago, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited”.

The company has launched an investigation and is working closely with federal law enforcement authorities, banking partners and third party security firms to review its systems. Once the chain was aware of the malicious code, “we quickly removed it, contained the event, and secured the affected part of our network”, Sears said. “We are also actively enhancing our defenses in light of this new form of malware”. “Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats”. Using this information, the cards can be cloned and purchases made using these clones would be debited from the credit card user’s account. The malware copies credit card information from the card’s magnetic strip, when the cards are swiped at payment kiosks.

Fantuzzi said because a company’s risk posture is only as good as the most vulnerable system, investing thorough assessments that provide more visibility into the greatest areas of risk in an IT environment will serve to significantly mitigate or altogether prevent more risk in future.

At least two financial industry sources told KrebsOnSecurity that the breach does not appear to be affecting all Kmart stores. The chip essentially makes the cards far more hard and expensive to counterfeit.

There are area Kmart stores off Massey Boulevard just south of Hagerstown and in Frederick, Chambersburg, Pa., and Martinsburg, W.Va., according to the company’s website.

Visa said in March 2017 there were more than 421 million Visa chip cards in the country, representing 58 percent of Visa cards.