Sears said on Wednesday it found a security breach involving "unauthorized" credit card activity following some customer purchases at its Kmart stores.
Certain credit card numbers were "compromised" in the event, the company said in an emailed statement, without providing exact figures.
No personal information such as contact details and social security numbers of customers were obtained by those responsible for the breach, Sears said.
"There is also no evidence that kmart.com or Sears customers were impacted," it said.
The company said its Kmart store payment data systems were infected with a form of malicious code that was undetectable by its current antivirus systems, adding it was later able to remove the malicious code.
Sears has launched an investigation and engaged with third-party forensic experts to get its systems reviewed, the company said. It is working with federal law enforcement authorities and IT security firms in the ongoing investigation.
In 2014, the company experienced a possible data breach whose investigation did not reveal conclusive information.