At least three more US retailers suffered unpublicized attacks similar to the one on Target, Reuters reports.
January 12, 2014 9:30 AM PST
The scope of credit card data breaches suffered by US retailers during the holiday shopping season may be larger than previously thought.
Following disclosures by Target and Neiman Marcus, Reuters reports that at least three more well-known retailers experienced smaller breaches that have yet to be publicly revealed.
The additional attacks used similar techniques as the attack on Target, sources told the news agency, adding that other attacks may have occurred earlier last year.
The Reuters report did not identify which retailers might have been affected by the security breaches.
Target confirms malware used on point-of-sale terminals
Cybersecurity forces align as FireEye acquires Mandiant
Target data stolen in hack showing up on black market
Target revealed Friday that a payment card data breach it suffered in December was larger than originally believed, yielding the names, mailing addresses, phone numbers, and e-mail addresses of as many as 110 million customers. That’s nearly three times the approximately 40 million credit and debit card numbers the nationwide retailer originally believed stolen between November 27 and December 15.
Also Friday, upscale department store Neiman Marcus confirmed that its database of customer information was hacked last month around the same time as the attack on Target.
The size of the breach at Neiman Marcus has not been determined, but like the attack in Target, it appears to be limited to the data of shoppers at its retail locations.
Soon after Target’s security breach was reported last month, fraud industry experts saw stolen data flood online card-selling markets to the tune of a “ten- to twentyfold increase” in high-value cards. batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card, according to Brian Krebs, the security blogger who broke the story of the breach.