Target breach appears to be part of broader scam

NEW YORK (AP) -- The security breach that hit Target Corp. during the holiday season appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers, according to a report published by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.

The report, made public Thursday by iSight Partners of Dallas, offers more insight into the breach at Target. That attack affected 40 million credit and debit card accounts and led to the theft of personal information, including email addresses and names, of as many as 70 million customers.

The report said that a malicious program vacuuming personal data from terminals at store check-out stations was "almost certainly derived" from BlackPOS, a crude but effective piece of software that contained malware scripts with Russian origins.

"The use of malware to compromise payment information storage systems is not new," the report said. "However, it is the first time we have seen this attack at this scale and sophistication."

Starting in June, iSight noticed the malicious software codes on the black market, the report said.

Criminals bought the original malware on the black market and then created their own attack method to target retailers' terminals at store checkout stations, iSight Partners' CEO John P. Watters said.

"It's less about the malware, but more about the sophistication of the attacks," Watters said in an interview with The Associated Press.

The report noted that because this kind of software can "cover its own tracks," it's not possible to determine the scale, scope and reach of the breach without detailed forensic analysis.

"Organizations may not know they are infected," the report said. "Once infected, they may not be able to determine how much data has been lost."

Last week, Neiman Marcus said thieves stole some of its customers' payment information and made unauthorized charges over the holidays. At the time, it said that was working with the Secret Service on the breach.

The iSight report doesn't list the names of retailers and the intelligence firm says it can't discuss whether the malicious software specifically affected Target, Neiman Marcus and other retailers. However, the report offers the latest evidence that the attacks on Target and Neiman Marcus are related and that other retailers may have been victims of a broader data scheme.

Molly Snyder, Target spokeswoman, said that the retailer did not have any details to share on the report at this time.

Neiman Marcus Group said Thursday that, to its knowledge, customers' Social Security numbers and birthdates were not stolen in the security breach.

The luxury retailer, based in Dallas, also confirmed that customers who shopped online do not appear to have been affected, and said personal identification numbers, or PINs, were never at risk because the retailer does not require PIN pads in its stores.

Neiman Marcus's spokeswoman Ginger Reeder declined to say how many people were affected by the scam, noting that the investigation is still ongoing.

Print this article Back to Top

Comments

or Subscribe now so you can share your opinion! It’s only a penny for a month trial.

Latest Forecast
More National Business
GM recall affects 7.6 million cars
GM recall affects 7.6 million cars

DETROIT (AP) -- General Motors is recalling at least 7.6 million more vehicles dating back to 1997 to fix faulty ignition switches as the…

Study says college degree still has value
Study says college degree still has value

Those with bachelor's or associate's degrees earn more money over their lifetime than those who skip college, even after factoring in…

Scripps buys TV stations in Detroit, Buffalo
Scripps buys TV stations in Detroit, Buffalo

The E.W. Scripps Company bought two television stations from Granite Broadcasting Corp Monday in a $110 million deal.

Big brewers cave to pressure, post ingredients
Big brewers cave to pressure, post ingredients

Anheuser-Busch and MillerCoors, two of the world's biggest beer makers, are posting online what's inside bottles of Budweiser and…

Water woes force big brewers to tighten the tap
Water woes force big brewers to tighten the tap

Some of the largest brewers in the U.S. are trying to reduce their water-to-beer ratio as drought and wildfire threaten the watersheds where…

Get it faster! Ruling speeds up beer approvals
Get it faster! Ruling speeds up beer approvals

A new trade board ruling in Washington means that brewers will soon be able to bring more barrel-aged and fruit and spice beers to your glass…

GM announces five new recalls, 2.7M vehicles
GM announces five new recalls, 2.7M vehicles

General Motors announced Thursday five new recalls that cover 2.7 million vehicles.

US consumer prices rise by most in 10 months
US consumer prices rise by most in 10 months

Higher food and gas costs pushed up U.S. consumer prices in April by the most in 10 months, evidence that inflation is ticking up from very…

Netflix raises prices for new subscribers
Netflix raises prices for new subscribers

Netflix is raising its Internet video prices by $1 per month for new customers and giving its current U.S. subscribers a two-year break from…

Budweiser brewer AB Inbev sees Sharp profit drop
Budweiser brewer AB Inbev sees Sharp profit drop

The maker of Budweiser and Stella Artois beer says its first quarter net profit slumped by almost 24 percent despite rising sales volumes.