Target, Neiman Marcus Credit Card Hacks Could Be More Widespread, Experts Say Agencies warn that malicious software that targets POS units has 'potentially infected a large number' of retailers.
By Jason Fell
Some 70 million customers at Target had their credit card and other personal informational stolen by hackers. Many more have apparently been compromised at Neiman Marcus stores. But this could just be the tip of the iceberg, official security agencies say.
Dallas-based cyber threat intelligence firm iSIGHT Partners, working with the U.S. Secret Service, says it has determined that malicious software has "potentially infected a large number of retail information systems." The U.S. Department of Homeland Security was also involved in the report.
The software, originally created in March 2013 and called KAPTOXA, is more commonly referred to now as BlackPOS.
The agencies warn that any retailer with point-of-sale units could be at risk. They urge business owners who believe they have been hacked to immediately contact their local U.S. Secret Service Field Office/Electronic Crimes Task Force.
Related: Target's Security Breach Stresses the Need for Better Cyber Security
The work of a Russian teenager?
It turns out the person who created the malicious software behind the attack on Target -- and possibly a similar attack on fellow retailer Neiman Marcus -- might have been identified as a 17-year-old teenager in Russia.
Los Angeles-based security firm IntelCrawler recently published a report identifying the person who created the malicious software as a 17-year-old with "roots in St.Petersburg" in Russia. After creating it, the teenager is said to have then made it available to others over the internet.
While the Russian teenager is said to have written the code, IntelCrawler did not allege that the teen was involved in the actual hack of Target or Neiman Marcus.
Meanwhile, internet security blogger Brian Krebs -- who first broke the story about the Target hack -- has reportedly disputed the accuracy of IntelCrawler's report about the Russian teen. "We don't think we are wrong," IntelCrawler president Dan Clements told USA Today.
Related: Uh, Did Your Refrigerator Just Send Me an Internet Virus?
