Report Offers Possible Link Between Recent Retailer Data Breaches
NEW YORK (CBSNewYork/AP) — According to a new report, it appears the security breach that affected millions of customers at Target over the holiday shopping season may have actually been a part of a broader and highly sophisticated scam that affected several retailers.
The report was published Thursday by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.
The iSight Partners of Dallas report offered more insight into the data breach at Target, which affected at least 40 million credit and debit card accounts and stole personal information such as email addresses and the names of as many as 70 million customers.
The report said that a malicious software that infiltrated the point of sale system at the registers was “almost certainly derived” from BlackPOS, a crude but effective software product.
Beginning in June, iSight started seeing the malicious software codes on the black market, according to the report.
“The use of malware to compromise payment information storage systems is not new,” the report said. “However, it is the first time we have seen this attack at this scale and sophistication.”
The report noted that because this kind of software can “cover its own tracks,” the scale, scope and reach of the breach is not possible to determine without detailed forensic analysis.
The report also comes in the wake of security breach at retailer Neiman Marcus.
Company officials warned customers last Friday that their credit and debit card information may have been stolen during the holiday season. The store said it discovered the breach on Jan. 1.
ISight said in the report it doesn’t address the names of retailers and can’t discuss whether the malicious software affected Target, Neiman Marcus and other retailers. However, the report offers the latest evidence that the two are related and that other retailers were victims of a broader data scheme.
Check Out These Other Stories From CBSNewYork.com:
- CBS 2 Exclusive: ‘E-Carriages’ May Be On Deck To Replace Horse-Drawn Rides In Central Park
- 2 Cars, 1 Key: Woman Accidentally Steals Honda In Brooklyn
- Seen At 11: Encryption Services Protect Smartphones From Hackers
- Kevin Edson, Man Charged In Boston Marathon Suspicious Backpack Hoax, Sent For Psychiatric Evaluation
(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)