Cyber breach at US retailers may expand
Print Edition
Target Corp and Neiman Marcus are not the only US retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed.
Smaller breaches on at least three other well-known US retailers took place and were conducted using similar techniques as the one on Target, according to the people familiar with the attacks. Those breaches have yet to come to light. Also, similar breaches may have occurred earlier last year.
The sources said that they involved retailers with outlets in malls, but declined to elaborate. They also said that while they suspect the perpetrators may be the same as those who launched the Target attack, they cannot be sure because they are still trying to find the culprits behind all of the security breaches.
Law enforcement sources have said they suspect the ring leaders are from Eastern Europe, which is where most big cyber crime cases have been hatched over the past decade.
Only one well-known retailer, Neiman Marcus, has said that they too have been victim of a cyber attack since Target’s December 19 disclosure that some 40 million payment card numbers had been stolen in a cyber attack. On Friday, Target said the data breach was worse than initially thought.
An investigation found that hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and e-mail addresses. Neiman Marcus said it was not sure if the breach was related to the Target incident.
Most states have laws that require companies to contact customers when certain personal information is compromised. In many cases the task of notification falls on the credit card issuer.
Merchants need to report breaches of personal information including social security numbers. It was not clear if that was the case with the retailers who were attacked around the same time as Target.
The Secret Service and Department of Justice, which are probing the Target breach, did not comment on Saturday.
Target has not disclosed how the attackers managed to breach its network or siphon off some of its most sensitive data.
The sources who spoke to Reuters about the breaches said that investigators believe the attackers used similar techniques and pieces of malicious software to steal data from Target and other retailers.
One of the pieces of malware they used was something known as a RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text, the sources said.
Visa Inc issued two alerts last year about a surge in cyber attacks on retailers that warned about the threat from memory parsing malware.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
