NEW YORK -- Sears Holdings Corp. said Friday that a data breach at its Kmart stores that started last month may have compromised some customers' credit and debit cards.
Sears Holdings, which also operates Sears stores, said that Kmart's information technology department on Thursday detected a breach of its payment data systems.
The company was unable to provide the number of affected cards. But it said that based on its investigation so far, it believes no personal information, debit card PIN numbers, email addresses or social security numbers were obtained by the hackers. And there's no evidence that Kmart.com shoppers were affected.
It said Kmart was able to remove the malicious software from its systems.
The news of the hack is a blow to Kmart's Hoffman Estates, Illinois-based parent company, which is struggling with losses and sales declines as it fights to stay relevant with shoppers.
Sears said Kmart is working with federal law enforcement authorities and banking partners as it investigates the breach. It is also deploying software to protect customers' information.
The company said that it will be providing free credit-monitoring protection for customers who shopped with a credit or debit card at Kmart stores during the month of September and through Thursday. It also emphasized that customers have no liability for unauthorized charges if they report them in a timely manner, according to the policies of most credit card companies. Sears said that the most up-to-date information will be available on its website, kmart.com, and customers can contact its customer care center at 888-488-5978.
The announcement comes a few weeks after Home Depot, the nation's largest home improvement chain, said that a data breach that lasted for months at its stores in the U.S. and Canada affected 56 million debit and credit cards. A pre-Christmas 2013 attack at Target Corp. compromised 40 million credit and debit cards.
The size of the theft at Home Depot trails only that of TJX Companies' heist of 90 million records disclosed in 2007.
Target's high-profile breach pushed banks, retailers and credit card companies to increase security by speeding the adoption of microchips in U.S. credit and debit cards. Supporters say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point of sale terminal, chip cards use a one-time code that moves between the chip and the retailer's register.