Yesterday, I told you about Dairy Queen becoming the most recent company to announce that it had been hacked.  Today, it is my duty to tell you that Dairy Queen has lost that honor to Kmart, which, in a filing with the SEC, announced that it too had been hacked and suffered a data breach in which debit card numbers and credit card numbers were compromised through the same type of “Backoff” malware that I have been warning you about for months.  The data breach began in early September and was discovered by Kmart on October 9th.  Required filings with the SEC have become the most common way for the public to learn that they have been involved in a data breach at the companies where they shop.  The pattern of this data breach again follows what I described in my column for USA Today on September 27th entitled “Coming soon:  Another major retailer hacked,” in which I provided a fill-in-the-blank format for the stories of future data breaches and predicted exactly how they would occur, which is precisely what happened at Kmart.  Here is a link to that column:

Kmart has assured its customers that no debit card PINs were compromised, but this is of little consolation since, as I described in my Scam of the day for January 1, 2014, identity thieves can often decipher PINs using computer programs that easily crack the many common PINs that people use.  To make things worse, even if you have a very secure PIN, as I described in my Scam of the day for September 12, 2014, identity thieves are exploiting vulnerabilities in bank security systems to merely change the PINs of the stolen cards and thereby bypass the need to know the PINs of the cards they steal.  Heads they win, tails you lose.


As I so often say, you are only as safe as the places with the weakest security with which you do business.  Despite government warnings last July to retailers about the dangers of the “Backoff” malware, thousands of retailers have still not taken the necessary steps to protect their computer systems.  All that we can do is to refrain from using debit cards for retail purchases and only use credit cards.  The laws protecting you from fraudulent use of debit cards are not as strong as those that pertain to fraudulent use of credit cards.  Also, since there is always a time lag between the time that the data breach actually occurs and the time that the company realizes that it has been hacked, it is important to regularly monitor your credit card statements for fraudulent purchases.

These kinds of retail hackings will continue to happen and provide tremendous profits to hackers and identity thieves until retailers in the United States join the rest of the world and implement smart cards with chip technology.

Kmart will be offering free credit monitoring to affected customers.  For more information, go to their website or call them at 888-488-5978.