Sears said it was the victim of a cyber attack that likely resulted in the theft of some customer payment cards at its Kmart stores, the latest in a series of computer security breaches to hit US companies and dealing a fresh blow to the struggling US retailer.

The US Secret Service confirmed it was investigating the breach, which occurred in September and compromised the systems of Kmart, which has about 1,200 stores across the United States. The breach did not affect the Sears department store chain.

A Sears spokesman said he could not say how many credit and debit card numbers had been taken. He added that the personal information, debit card PIN numbers, e-mail addresses and social security numbers of its customers remained safe.

Security professionals said they were not surprised to learn that yet another major retailer was reporting a breach, adding they believe many big merchants do not have adequate systems for detecting cyber attacks, which means they still remain easy prey for hackers.

“This is going to continue indefinitely until people change their practices,” said Shawn Henry, a former senior cyber cop with the FBI who is now of the president of cyber forensics firm CrowdStrike Services. Security experts say retailers have traditionally not invested enough in security, partly because of the industry’s relatively thin profit margins.