Other Stores May Have Been Attacked by Malware from Target's Security Breach

A security firm believes the hacking attacks on Target and Neiman Marcus were merely the tip of the iceberg.
credit cards

If you haven't ordered a new debit card or taken other measures to protect your identity in the wake of the recent Target and Neiman Marcus data breaches, you really should reconsider. Several security firms have come forward saying that even more retailers may have been exposed to the malware used in the Target attack.

Security Firms Discover a Malware Called 'Kaptoxa'

iSIGHT, a firm working with Homeland Security on the investigation into the recent data breaches, described its findings to CNNMoney. The malware used in the Target attack is called Kaptoxa, and it "infects individual point of sale devices. It monitors data processed on the device, then transmits that data outside of the retailer," said Tiffany Jones, senior vice president at iSIGHT Partners. Jones didn't say which retailers had been affected, only that this "malicious software has potentially infected a large number of retail operations," and the firm had never seen an attack on this scale.

Another firm looking into the malware, IntelCrawler, believes it "has uncovered at least six ongoing attacks at merchants across the U.S. who are infected with the same malware used in the Target attack," according to Business Insider. The firm also shared its unconfirmed belief that the code for the malware may have originated with a 17-year-old programmer with "roots" in St. Petersburg, Russia.

How Do I Protect Myself?

Currently, there are no concrete details about those unnamed "other" retailers, so the best thing for a consumer to do is remain vigilant. If you've noticed fraudulent activity on any of your accounts, you need to act fast to prevent further damage. As we previously mentioned, when your credit or debit card is compromised, you need to take immediate steps, like reporting your losses and enacting a fraud alert on your credit report.

Unfortunately, even if you haven't noticed anything strange, your identity and accounts could still be at risk, due to the massive scope of these recent attacks. Consider ordering a new debit or credit card, or at least changing all of your PIN numbers and passwords. Don't forget that you're entitled to one free credit report each year, but be sure to order it from the government's approved website to avoid scams. Moreover, if you shopped at Target during the time of the breach, you're eligible for a free year of credit monitoring.

Consumer confidence has understandably been shaken by these attacks, and we'll share more information on all the retailers that have been affected when those details come to light. More than anything, this situation is a stark reminder that we all need to practice common sense when making purchases, whether in-store or online. Readers, have you got any advice for victims of this breach? Have you been personally affected by the attacks? Share your experiences and advice in the comments below.

Michael Bonebright
Former Senior Blog Editor

Michael added the finishing touches to most of the Blog articles on DealNews. His work has appeared on sites like Lifehacker, the Huffington Post, and MSN Money. See him rant about video games by following him on Twitter @ThatBonebright.
DealNews may be compensated by companies mentioned in this article. Please note that, although prices sometimes fluctuate or expire unexpectedly, all products and deals mentioned in this feature were available at the lowest total price we could find at the time of publication (unless otherwise specified).


Leave a comment!

or Register
Greg the Gruesome

That 17-year-old only coded the malware. Other people snuck it into Target's systems and set up a way to communicate with the malware and fetch the data it copied.
These hackers are getting into everything, govt websites, banks, big brand name stores. It's easy pickins for them it seems.

One thing I never do is have websites save my credit information. Makes it all too easy for thieves when their database is compromised.

To think this latest breach was allegedly started from a 17 year old in russia..........17 years old!
The problem is that even if your credit card was stolen, the thieves are distributing the information in small chunks to various underground blackmarkets, so your information not even be accessible to someone with nefarious means for a year or more. Best to cancel your accounts now before any fraudulent charges show up.
Greg the Gruesome
I recommend reading the blog http://krebsonsecurity.com/

>Consider ordering a new debit or credit card, or at least changing all of your PIN numbers and passwords.

Why passwords? No passwords were stolen. However, if any of your passwords is simply one of the pieces of data that were stolen (e.g., your street address), then yes, change those passwords, but you shouldn't have made up passwords like that to begin with.