CNET también está disponible en español.

Ir a español

Don't show this again

Security

Kmart, Dairy Queen see payment-card data stolen

The retailer and the fast-food chain are the latest businesses to report that hackers accessed payment-card data by breaching their systems.

Image of a slew of various credit cards
Hackers continue to nab credit card numbers by placing malware on stores' payment systems. Getty Images

Kmart and Dairy Queen customers should check their credit- and debit-card statements for shady activity.

That's because the retailer and the fast-food chain have become the latest businesses to reveal that their payment systems were hacked.

"Beginning in early September, the payment data systems at Kmart stores were purposely infected with a new form of malware (similar to a computer virus)," Kmart President and Chief Member Officer Alasdair James said in a statement this week. "This resulted in debit and credit card numbers being compromised." A statement from Dairy Queen, also this week, said "payment card customer names, numbers and expiration dates" had been accessed by way of malware.

Kmart's James said there was no evidence as yet of any personal information, debit card PIN numbers, email addresses or Social Security numbers being nicked during the hack and that Kmart.com customers didn't seem to be affected. The breach has been plugged and the malware removed, James said. Dairy Queen similarly said there was no indication that any other personal information was affected and that the security hole had been addressed.

Kmart and Dairy Queen join a number of other businesses that have suffered payment-system breaches in the past couple of years. In September, Home Depot said 56 million of its customers' credit card numbers had been put at risk because of a hack. In January, Target said a breach at its stores revealed the month before may have affected as many as 110 million customers. Other breached businesses include department store Neiman Marcus, arts and crafts retail chain Michaels Stores and restaurant chain P.F. Chang's.

Kmart didn't say how many of its stores were hit or how many payment cards may have been affected. Dairy Queen said nearly 400 of its US restaurants -- along with one Orange Julius outlet -- had seen payment-card numbers stolen and that the time frame of the breaches was different according to a restaurant's location. Most were affected in August and September, with at least one being tapped into October. Dairy Queen posted a list of the affected restaurants and when they were vulnerable.

Sears subsidiary Kmart said customers who shopped at a Kmart outlet during September and through October 9 are eligible for free credit monitoring protection and that information on that program would be available at Kmart.com. Dairy Queen said US customers who used their payment card at one of the breached locations during the relevant time period are eligible for free identity repair services, with information available on its site.