Kmart announced Oct. 10 its information technology team detected a data breach of stores' payment systems, compromising an unknown number of customer credit and debit cards.
At this time, there aren't many details available on the breach — Kmart's team only detected it the day prior to its announcement, according to a company news release — but here's what the information security people at Kmart say they know so far.
It Happened Recently
The breach seems to have started in early September, meaning anyone who shopped with a credit or debit card at a Kmart store in the last month should be extra cautious in reviewing card statements for signs of fraud.
Mainly Card Numbers Were Compromised
Thus far, the Kmart investigation has shown only credit and debit card numbers were affected in this breach. "No personal information, no debit card PIN numbers, no email addresses and no Social Security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted," the company announcement said.
This may not ease the minds of debit card users. It's not difficult for a fraudster to change a debit card's PIN, said Adam Levin, fraud expert and chairman and co-founder of Credit.com, so it might be worthwhile for customers to ask their banks to change their debit card numbers.
Even if your debit card number is stolen and used without your permission, reporting the fraud immediately after you've detected it will prevent you from having to pay for unauthorized charges in excess of $50, as required by law. The longer you wait to report debit card fraud after noticing it, the more likely you'll be held responsible for paying. Credit card users can only be held liable for $50 of charges, but many credit card issuers have zero-liability policies for cardholders. No matter what your card agreement says, it's smart to check your account activity daily, so you can immediately spot and report fraud.
The Malware Has Been Removed
The information security team detected the malware with anti-virus software and removed it quickly, the company news release states. Though Kmart is a subsidiary of Sears Holding Corp. (SHLD), it seems this attack was isolated to Kmart stores. It's unclear how many stores were caught up in the attack: As of February, there were 1,152 Kmarts in 49 states, Guam and Puerto Rico and the U.S. Virgin Islands, according to the Sears Holding Corp. annual report.
You Can Get Free Credit Monitoring
As has become the default response from companies experiencing payment system breaches, Kmart announced it will offer free credit monitoring to customers who shopped in its stores between September and Oct. 9. Further details on that service were not included in the company's initial announcement.
Checking your credit scores can help you spot unauthorized activity, because if a thief gets your payment data and runs up a balance on your credit card, your scores will likely drop as a result. To best protect yourself from credit damage, make a habit of checking your card activity daily, reviewing your credit scores monthly and checking your credit reports annually. You can get two of your credit scores for free with updates every 30 days from Credit.com, and for free credit reports, visit AnnualCreditReport.com.
More from Credit.com