The U.S retailer Kmart has fallen victim to hackers who have targeted credit and debit card payments.
The chain is the latest store to be attacked by hackers who Kmart say infected cash registers at over 1,200 stores throughout America.
Registers were infected with a virus that stole the details from customer’s payment cards since September. Kmart only released details of the attack on 9th October, but it is thought that customer’s accounts have been hacked for over a month.
Kmart released a statement that said cyber hackers had stolen the numbers from customer’s debit and credit cards but the actual amount of people affected is not known.
Kmart did say that no ‘personal information, pin codes, email addresses or social security numbers were taken with the card numbers’.
The U.S retailers has now removed the malware virus and that customers can rest assured that the breach in security has been contained, but an investigation is being carried out to see how the hackers were able to bypass the store’s security.
They added that there was no immediate evidence to suggest that the numbers taken from the hackers was to produce fake credit or debit cards, or to create false identities. The investigation is ongoing to gauge the impact of the security breach.
It is thought that Kmart has called upon the US Secret Service, which investigates financial fraud, to look into the case.
The president of Kmart, Alasdair James, said in a statement to all customers:
“I sincerely apologise for any inconvenience this may cause our members and customers,” he said.
The U.S has offered a free credit monitoring protection for customers to make sure that they do not fall victim to any fraudulent use of their cards and to ensure that this doesn’t affect future credit scores.
Kmart is the latest in a line of retailers that have had a security breach, most recently the Dairy Queen restaurant chain stated that some of their restaurants across 46 states in the US had also been attacked using malware. The hackers stole not just numbers but customer’s names and expiration dates of payment cards at over 395 restaurants.
This seems to be the way hackers are now targeting retailers, by using the cash registers. as Target found to their cost when cyber thieves stole over 40 million payment card details.
The problem for retailers, particularly the larger stores is that the breach is hard to detect until a long time after the initial attack, when many people’s card details have been stolen.
Shawn Henry, who now heads up security firm CrowdStrike Services, and was a former FBI officer, spoke to Reuters and agreed that retailers needed to do a better job of detecting breaches quickly before a large amount of data was stolen.
He blamed the large computer networks employed by retailers, which allowed the cyber thieves a way in:
“This is going to continue indefinitely until people change their practices,” said Mr Henry.
Source: BBC News