It’s a sequel nobody wanted to see. A few years ago, Kmart was one of the big names that suffered from a malware infection that stole customer credit card information. Last week, news started trickling in that it was happening again.
As usually happens in these cases, financial institutions started seeing a pattern in stolen credit cards and eventually traced it back to Kmart stores.
Kmart hasn’t yet released the numbers of compromised credit cards or how long the malware was in the system, but they did release a statement saying that the malware infecting their system wasn’t detected by their current security and that they contacted a third-party to review and clean their system. The statement also said that no names, addresses, Social Security numbers, or email addresses were stolen. They also maintain that the data stolen was would have limited impact due to EMV compliance and that customers of the online store and Sears were not impacted.
If the Kmart statement is to be believed, what they’re saying is that chip card security helped minimize the damage, which it was designed to do. Malware infecting point-of-sales systems is able to steal data from a credit card’s magnetic stripe, whereas chip cards do not have that vulnerability.
This is a good reminder that if your bank hasn’t issued you a chip card yet, or you shop at a place that does not have chip card POS terminals, you should take your business elsewhere or use cash.