Reuters is reporting that Target and Neiman Marcus were not the only ones targeted by cyber thieves this holiday season. According to their report, at least three other well-known retailers in the U.S. were also hit, mostly in mall locations, with potential breaches that could have compromised customers’ purchase information and credit card details.
Whether or not the perpetrators of these breeches are the same is up for debate, but law enforcement in the Target/Neiman Marcus case are saying those attacks likely originated in Eastern Europe.
On December 19th, Target disclosed that they had been attacked and had more than 40 million payment card numbers stolen and have since said that the breach may be worse than that. Neiman Marcus recently disclosed that they had also been victims of similar attacks. In all, at least 70 million customers have had their names, mailing addresses, telephone numbers, email addresses and more compromised.
The attacks involved breaches of network security that allowed the hackers to siphon off information as it was transmitted for processing. The hackers used a combination of techniques, including software called a RAM scraper which captures encrypted data as it stores in the system’s memory on its way towards storage.
Credit card companies like VISA often warn retailers of the potential of attack and how it can be prevented. Investigators are looking into whether or not Target’s security team implemented those measures before the attacks took place. Disclosure delays may also be a problem here, as Target did not admit to the attacks until after they had been reported by a security blogger.