Kmart
Company Details
Linkedin ID:
kmart
Website:
Employees number:
19,339
Number of followers:
83,721
NAICS:
43
Industry Type:
Homepage:
kmart.com
IP Addresses:
0
Company ID:
KMA_2033236
Scan Status:
In-progress
Kmart Company CyberSecurity Posture
kmart.com
Life is ridiculously awesome. That’s a bold statement. But hey, bold statements are our thing. So here’s another one: Kmart is ridiculously awesome, too. Know why? Because we work at it. We don’t do anything halfway. We go out and crush it. We’re about more than the products we sell. And more than creating a great experience in-store and online. We’re about giving our all, making every day as ridiculously awesome as we believe it can be, and having a great time doing it.
Kmart A.I CyberSecurity Scoring
Kmart Risk Score (AI oriented)Between 750 and 799
Kmart
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Kmart Global Score (TPRM)XXXX
Kmart
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Kmart Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Sears Holdings Management Corporation
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Washington State Office of the Attorney General reported a data breach by Sears Holdings on April 24, 2018. The breach occurred from September 27, 2017, to October 12, 2017, affecting 2,373 individuals in Washington. The compromised information included names and payment card information due to a cyberattack involving malicious script inserted by an unauthorized individual.
Kmart
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Kmart suffered a data breach incident after the personal details of its online customers were hacked. The company employed IT, and forensic investigators to investigate the incident. No customer's credit card or other payment details, however, customer’s names, email addresses, home addresses, telephone numbers, and product purchase details were accessed in an “external privacy breach.
Kmart Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Kmart
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Kmart in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Kmart in 2026.
Incident Types Kmart vs Retail Industry Avg (This Year)
No incidents recorded for Kmart in 2026.
Incident History — Kmart (X = Date, Y = Severity)
Kmart cyber incidents detection timeline including parent company and subsidiaries
Kmart Company Subsidiaries
Life is ridiculously awesome. That’s a bold statement. But hey, bold statements are our thing. So here’s another one: Kmart is ridiculously awesome, too. Know why? Because we work at it. We don’t do anything halfway. We go out and crush it. We’re about more than the products we sell. And more than creating a great experience in-store and online. We’re about giving our all, making every day as ridiculously awesome as we believe it can be, and having a great time doing it.
Loading...
Kmart Similar Companies
H&M Group
Founded in 1947, H&M Group is a global design company with ~4,702 stores in 76 markets and 56 online markets. At H&M Group, we believe in making great design available to everyone. It’s essential in everything we do. Our family of brands and business ventures offer customers around the world a wealt
ALDI USA
Thank you for your interest in ALDI. We are aware of attempts to deceive applicants through fraudulent websites and email domains. Please know, ALDI recruiters will only contact you from an @aldi.us email address. As one of America’s favorite grocers, we believe in offering value and quality in
Our Purpose – Live Life Well Loblaw Companies Limited is Canada’s food and pharmacy leader, the nation’s largest retailer, and the majority unit holder of Choice Properties Real Estate Investment Trust. Loblaw – and its portfolio of grocery, health and beauty, financial services and apparel busines
Costa Coffee
At Costa Coffee, we’ve been crafting with heart and changing the coffee game since 1971. Now part of The Coca-Cola Company, we proudly operate in over 50 countries, and we’re still growing! And we’re much more than our beloved stores. Consumers all over the world can now enjoy Costa Coffee in our Re
AutoZone is the nation's leading retailer and a leading distributor of automotive replacement parts and accessories with more than 7,000 stores in the US, Mexico, Brazil and Puerto Rico. Each store carries an extensive line for cars, sport utility vehicles, vans and light trucks, including new and r
Fred Meyer
The Kroger Co., together with its subsidiaries, operates as a food retailer in the United States. The company operates three formats of supermarkets: combination food and drug stores (combo stores), multi department stores, and price impact warehouse stores or marketplace stores. The combo stores op
Five Below
At Five Below our growth is a result of the people who embrace our purpose: We know life is way better when you are free to Let Go & Have Fun in an amazing experience, filled with unlimited possibilities, priced so low, you can always say yes to the newest, coolest stuff! Just ask any of our over 27
JYSK
JYSK is an international home furnishing retailer with Scandinavian roots that makes it easy to furnish every room in any home and garden. JYSK delivers a great Scandinavian offer for everyone within sleeping and living. We are a global retail chain of stores and web shops, and part of the family-
Foot Locker
Foot Locker, Inc. is a leading footwear and apparel retailer that unlocks the “inner sneakerhead” in all of us. With approximately 2,500 retail stores in 26 countries across North America, Europe, Asia, Australia, and New Zealand, and a franchised store presence in the Middle East and Asia, Foot Loc
.png)
Kmart CyberSecurity News
December 18, 2025 08:00 AM
Scams in Australia January 2026: types, latest cybercrime trends and how to protect yourself
AI-powered attacks are on the rise in 2025; Scams are becoming more personalised and harder to spot; Hacks of major Australian companies...
September 18, 2025 07:00 AM
Australia’s OAIC rules on Kmart’s use of facial recognition, says consent must have ‘high bar’
The department store chain was found to have breached the country's privacy laws by collecting customers' biometric data through its FRT...
March 27, 2025 12:11 AM
Kmart Settles Data Breach Class Action with Banks
Kmart Corp. has submitted a motion for preliminary approval to an Illinois federal court of a settlement agreement it has reached with several banks...
March 25, 2025 07:00 AM
Oracle denies massive data breach
A hacker claimed to have stolen droves of important credentials from popular cloud company Oracle, despite the company staunchly denying any data has been...
October 24, 2024 02:11 PM
Kmart hacked - payment systems compromised by malware
Kmart announced on Friday that it had detected a serious security breach involving its store payment data system.
August 12, 2022 07:00 AM
Wesfarmers to stand up offensive cyber security capabilities
Wesfarmers is to establish offensive cyber security capabilities through a new “Cyber Fusion Centre” that will serve the conglomerate's retail and industrial...
February 25, 2022 08:00 AM
Kmart Australia continues bulking up its tech teams
Kmart Australia has made two new hires in its engineering department, as the retail brand continues expanding its technology talent.
January 20, 2022 08:00 AM
Kmart Group lands new head of cyber security
Nigel Hedges takes over from Simon Dalli. Kmart Australia has appointed Nigel Hedges as its new group head of cyber security for the Kmart and...
December 10, 2020 08:00 AM
Vendor ransomware attack disrupts DSW’s inventory management
The impact of cyberattacks on retailers and their vendors is even greater during this digital-first period brought on by the coronavirus...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Kmart CyberSecurity History Information
Official Website of Kmart
The official website of Kmart is http://www.kmart.com.
Kmart’s AI-Generated Cybersecurity Score
According to Rankiteo, Kmart’s AI-generated cybersecurity score is 787, reflecting their Fair security posture.
How many security badges does Kmart’ have ?
According to Rankiteo, Kmart currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Kmart been affected by any supply chain cyber incidents ?
According to Rankiteo, Kmart has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Kmart have SOC 2 Type 1 certification ?
According to Rankiteo, Kmart is not certified under SOC 2 Type 1.
Does Kmart have SOC 2 Type 2 certification ?
According to Rankiteo, Kmart does not hold a SOC 2 Type 2 certification.
Does Kmart comply with GDPR ?
According to Rankiteo, Kmart is not listed as GDPR compliant.
Does Kmart have PCI DSS certification ?
According to Rankiteo, Kmart does not currently maintain PCI DSS compliance.
Does Kmart comply with HIPAA ?
According to Rankiteo, Kmart is not compliant with HIPAA regulations.
Does Kmart have ISO 27001 certification ?
According to Rankiteo,Kmart is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Kmart
Kmart operates primarily in the Retail industry.
Number of Employees at Kmart
Kmart employs approximately 19,339 people worldwide.
Subsidiaries Owned by Kmart
Kmart presently has no subsidiaries across any sectors.
Kmart’s LinkedIn Followers
Kmart’s official LinkedIn profile has approximately 83,721 followers.
NAICS Classification of Kmart
Kmart is classified under the NAICS code 43, which corresponds to Retail Trade.
Kmart’s Presence on Crunchbase
Yes, Kmart has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/kmart.
Kmart’s Presence on LinkedIn
Yes, Kmart maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/kmart.
Cybersecurity Incidents Involving Kmart
As of January 24, 2026, Rankiteo reports that Kmart has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Kmart has an estimated 15,596 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Kmart ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Cyber Attack.
How does Kmart detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with it, third party assistance with forensic investigators..
Incident Details
Can you provide details on each incident ?
Title: Kmart Data Breach
Description: Kmart suffered a data breach incident after the personal details of its online customers were hacked.
Type: Data Breach
Title: Sears Holdings Data Breach
Description: The Washington State Office of the Attorney General reported a data breach by Sears Holdings on April 24, 2018. The breach occurred from September 27, 2017, to October 12, 2017, affecting 2,373 individuals in Washington, with compromised information including names and payment card information due to a cyberattack involving malicious script inserted by an unauthorized individual.
Date Detected: 2018-04-24
Date Publicly Disclosed: 2018-04-24
Type: Data Breach
Attack Vector: Malicious Script
Vulnerability Exploited: Insertion of malicious script
Threat Actor: Unauthorized Individual
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Malicious Script.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KMA1925261122
Data Compromised: Customer’s names, Email addresses, Home addresses, Telephone numbers, Product purchase details
Incident : Data Breach SEA949072525
Data Compromised: Names, Payment card information
Payment Information Risk: True
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer’S Names, Email Addresses, Home Addresses, Telephone Numbers, Product Purchase Details, , Names, Payment Card Information and .
Which entities were affected by each incident ?
Incident : Data Breach SEA949072525
Entity Name: Sears Holdings
Entity Type: Retail
Industry: Retail
Location: Washington
Customers Affected: 2373
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KMA1925261122
Third Party Assistance: It, Forensic Investigators.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through IT, forensic investigators, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KMA1925261122
Type of Data Compromised: Customer’s names, Email addresses, Home addresses, Telephone numbers, Product purchase details
Personally Identifiable Information: customer’s namesemail addresseshome addressestelephone numbers
Incident : Data Breach SEA949072525
Type of Data Compromised: Names, Payment card information
Number of Records Exposed: 2373
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach SEA949072525
Source: Washington State Office of the Attorney General
Date Accessed: 2018-04-24
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2018-04-24.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach SEA949072525
Entry Point: Malicious Script
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach SEA949072525
Root Causes: Insertion of malicious script by an unauthorized individual
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as It, Forensic Investigators, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Individual.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2018-04-24.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2018-04-24.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer’s names, email addresses, home addresses, telephone numbers, product purchase details, , Names, Payment Card Information and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was it, forensic investigators, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, product purchase details, email addresses, Payment Card Information, home addresses, customer’s names and telephone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 240.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Washington State Office of the Attorney General.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Malicious Script.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=kmart' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
