Kmart says customer credit card numbers were exposed after criminals used malware to infiltrate the company's data system.
Sears, which owns Kmart, said Friday the data breach began in early September and involved "a form of malware" that current anti-virus systems couldn't pick up. A separate note on Kmart's website described the malware as "similar to a computer virus. Sears spokesman Howard Riefs told BuzzFeed News Friday that additional information about the malware is not yet available.
The breach was detected by the company's security team Thursday. The team removed the malware, but not before debit and credit card numbers were compromised.
Riefs did not say how large the breach was, but when asked if it included everyone who shopped at Kmart between September and Thursday, he responded that it was "potentially those customers."
The company said the breach did not extend to PIN numbers, email addresses, social security numbers, or other personal information. Customers who shopped online at Kmart.com also weren't impacted by the breach, the company said.
Riefs said investigators are still trying to determine who was responsible for the breach.
Sears is encouraging customers who shopped at Kmart during September and early October to reach out to their credit card company if they notice unusual charges. Kmart also is offering credit monitoring protection.
Dairy Queen also announced this week that hackers had accessed customer data.
The fast food chain announced the hack Thursday, saying that between August and October hackers stole customer names, as well as credit and debit card numbers, from 395 stores. The hackers also reportedly took card expiration dates, but did not get other personal information such as social security numbers or PIN numbers.
There are a total of 4,500 Dairy Queen stores in the U.S. The company has published a list of affected stores.