Kmart has been targeted in a data breach that exposed the debit and credit card information of customers. Sears Holding Corp. said in a Friday statement it is working with federal agents and a private security firm to investigate the breach of its discount retail subsidiary's systems.

Sears, based in Hoffman Estates, Illinois, said the chain's store payment data systems was infected with a covert form of malware that exposed consumer data. The breach took place in early September but was undiscovered until Thursday. The malware was removed from the systems, but not before "certain debit and credit card numbers" were compromised, Sears said.

"Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no Social Security numbers were obtained by those criminally responsible," the statement said. "There is also no evidence that customers were impacted."

The company said it will offer free credit monitoring protection to any customers who shopped in Kmart stores from Sept. 1 to Thursday. The U.S. Secret Service said Friday it is working with the chain to investigate the intrusion, CNBC reported.

Sears said it will post updates about the breach at and people can call its customer care center at 888-488-5978 with any additional questions.

The Kmart data breach is the latest in a series of similar incidents that have rocked consumer confidence in the ability of stores to protect their data. A number of companies including AT&T Inc., Dairy Queen and Jimmy John's have announced in the past month that they have been targeted by hackers or other data intrusions. And a cyberattack this summer against JPMorgan Chase & Co. has raised concerns about information security that have alarmed officials all the way up to the White House, which is focusing increased attention on cybersecurity.