For the second time in three years, hackers have installed malware on POS systems at US discount chain Kmart and stolen customer credit card data.
Confirming a report by blogger Brian Krebs, Kmart parent company Sears Holdings says that it recently discovered that cards previously used at Kmart stores were making unauthorised purchases.
A forensic investigation found payments data systems infected with malware that had gone undetected by the firm's anti-virus software. No details have been provided on how long systems were compromised for or how many of Kmart's 700-plus stores were affected.
Sears says that no personal information such as name and addresses were obtained but some credit card numbers appear to have been compromised.
Despite this, the firm claims that "in light of our EMV compliant point of sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited".
The breach is the second malware-based hit on Kmart POS systems in less than three years.