Kmart has a blue light special on malware -- system breach exposes credit card numbers

As someone who grew up in a lower middle class family in the suburbs known as Long Island, there were two places I spent a lot of time shopping with my mom -- Cheap Johns and Kmart. While the former has since gone out of business, the latter still stands. Actually, the fact that it is still operating is surprising -- don't get me wrong, it is an OK store, but Walmart has lower prices and better selection, even if the overall experience is poor. Once Walmart opened in my area, many people ditched Kmart -- the store famous for its "blue light specials". Heck, if someone wants to step up to a nicer store than Walmart, they'll likely head to Target nowadays -- sorry, Kmart.

Unfortunately for Kmart, it now shares something other than low-prices with Target -- malware and data breaches. Yes, today Kmart announces that its payment systems were breached, and debit and credit card numbers have been stolen. Should we be worried?

"On Thursday, Oct. 9, 2014 our IT team detected that our Kmart store payment data system had been breached and immediately launched a full investigation working with a leading IT security firm. The security experts report that beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus). This resulted in debit and credit card numbers being compromised", says Alasdair James, President and Chief Member Officer, Kmart.

James further explains, "based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers".

While Kmart deserves kudos for disclosing the breach so quickly, I fear the company is acting too fast by trying to quell fears already. If you read closely, James says "based on the forensic investigation to date" -- to date? Well, you only discovered it yesterday, so I am sure there are still opportunities for more discoveries. In other words, while things like pin numbers and social security numbers appear unaffected today, tomorrow may tell a different story.

For now, Kmart is promising complimentary credit monitoring protection for any shopper that used a credit or debit card in the store. It is probably overkill for the company to start offering credit monitoring if nothing other than card numbers were stolen. However, the gesture is appreciated even if it is nothing more than the historically expected response in such a circumstance.

Have you shopped at Kmart lately? Tell me in the comments.

Photo credit: Ken Wolter / Shutterstock