- Business Insider/Hayley Peterson
Kmart customers’ credit card data was stolen, the retailer said Thursday.
Kmart parent company Sears Holdings is working with federal authorities to investigate the security breach and says no identifying information, such as customer names or social security numbers, was stolen with the credit card data.
There’s evidence that the attackers have used the stolen data to create counterfeit cards and make purchases on those cards, Sears senior vice president Gareth Glynne said in a message posted to the company’s website.
He didn’t reveal when the breach occurred or how many customers were affected by it.
“We believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” he said.
After the problem was detected, Kmart secured its system and the stores are now safe to shop, Glynne said.
“Once aware of the new malicious code, we quickly removed it and contained the event,” he said. “We are confident that our customers can safely use their credit and debit cards in our retail stores.”
Shoppers who made purchases at Kmart.com or at Sears stores were not affected by the breach.
It’s an unfortunate time for a security breach to hit Kmart, as it battles plunging sales following years of falling customer traffic.
Sears’ sales overall tumbled more than 20% to $4.3 billion in the most recent quarter. Same-store sales dropped 12.4% at Sears stores and 11.2% at Kmart stores.