LOS ANGELES (1/21/14)--At least six additional U.S. retailers have been attacked with the same software used late last year to steal credit card and personal data from upward of 110 million Target Inc. customers, according to research released Thursday.
Dallas cybersecurity company iSight Partners Inc. and the U.S. Department of Homeland Security sent their findings to financial services and retail companies Thursday (The Wall Street Journal Jan. 16). iSight released its own version of the report the same day.
"What's really unique about this one is it's the first time we've seen the attack method at this scale," said Tiffany Jones, a senior vice president at iSight (CNN Money Jan. 16). The malware infects individual point of sale devices, monitors data processed on the device, then transmits that data outside of the retailer, she said.
Also on Thursday, the cybersecurity firm IntelCrawler reported retailers in Arizona, California, Colorado and New York were among those compromised with BlackPOS/Kaptoxa, the same malicious software used in the cyberattack on Target (Reuters Jan. 17). The code has been linked to a 17-year-old in Russia, IntelCrawler said.
"Most of the victims are department stores. More BlackPOS infections, as well as new breaches can appear very soon, retailers and security community should be prepared for them," said IntelCrawler CEO Andrew Komarov in a Jan. 16 blog post.
Target initially reported the breach compromised 40 million credit- and debit-card accounts from Nov. 27 through Dec. 15. It later added that personal data for 70 million people also had been compromised.