Cash registers at 1,200 Kmart stores were infected with malware that scooped up payment card numbers for over a month, reports the retailer.

In a statement, Kmart said the security breach was discovered on 9 October and that the malware had been operating since early September.

An initial investigation suggests the cyber-thieves stole credit and debit card numbers.

So far, it is not clear how many cards and customers have been affected.

In its statement, Kmart said no personal information, pin codes, email addresses or social security numbers were taken with the card numbers.

The malware has now been removed and the breach contained, it said, but it was continuing its investigation to gauge its full impact.

It added that there was no evidence that any of the card numbers stolen were being used to create counterfeit cards and land victims with bills for items they did not buy.

Despite this, Kmart said it would be offering free credit monitoring protection for customers to ensure any fraudulent use of their cards did not affect their credit score.

The US Secret Service, which leads investigations into financial fraud, is known to be investigating the case.

"I sincerely apologise for any inconvenience this may cause our members and customers," said Alasdair James, president of Kmart, in the statement.

BBC News