The bad news about data security and privacy keeps coming like a bad winter. According to Reuters, security firm IntelCrawler is reporting that there are at least six ongoing cyberattacks on US retailers similar to the one that hit Target in December of 2013. IntelCrawler has alerted law enforcement, Visa, and intelligence officials at major US Banks. Many have feared that the news we have heard from attacks on Target and Neiman Marcus were the tip of a very large ice berg, and if these reports prove to be true, that may indeed be the case. At this point relevant agencies and concerns are not responding to comment on these revelations.
To say one should be concerned is an understatement. Businesses will also be concerned. The lack of specific information threatens to harm any US retailer given the secrecy that typically surrounds these types of disclosures. That this report says the attacks are ongoing threatens more than transactions that have already occurred. There are probably quite a few US consumers dusting off checkbooks and preparing to rely on cash as they head into the weekend.
It has recently been disclosed in two reports (here and here) by Krebs on Security that the Target data breach was caused by the insertion of malware known as BlackPos into the point of sale system. This malware grabbed the data transmitted in a credit card swipe while it resided in memory and saved that data to servers within Target’s systems for later retrieval by the data thieves.
Suffice it to say, as we have said all along, the effects of this story and the story itself will be with us for quite some time.