According to the Secret Service, the retail giant Target wasn’t the only business that experienced a cyber attack that compromised tens of millions of its customers’ credit cards.
The New York Times reported on Friday that more than 1,000 American businesses were hit by the same cyber attack that Target faced earlier this year. A Department of Homeland Security advisory stated that the attacks were “much more pervasive” than initially reported. Hackers gained access to millions of payment card records, which are being sold on the black market. According to the report, Homeland Security officials are encouraging all businesses, regardless of size, to check for “Point of Sale malware infections.”
To carry out the data breach, criminals scan a company’s system for vendors or employees who have remote access. They then run programs that guess username and password combinations until they gain access to the systems. Once they have done so, they target the in-store cash register systems with malware known as “Backoff.” Backoff then combs through the system and takes the payment card data.
Although Homeland Security, the Secret Service, the National Cybersecurity and Communications Integration Center and their partners have warned companies to check their in-store cash register systems for the Backoff malware, only seven companies have opened up about their systems being affected. The Secret Service has much higher estimates for the number of businesses that have actually been breached.
Target was heavily criticized in the wake of the announcement about the Nov. 27 to Dec. 15 data breach because of its delay in informing customers that their personal information may have been compromised. Considered one of “the largest data breaches from any consumer business,” the breach affected more than 70 million Target customers.
To confront the spread of the malware, the Secret Service and Homeland Security have recommended that companies limit the number of vendors that have outside access to the corporate systems, require more complex passwords, and enforce login lockouts after multiple failed sign-in attempts. It is also recommended that companies revise their in-store cash register systems, including adding a two-step verification process.