Target Data Breach Appears to Be Part of Broader Scam

Jan 17, 2014 at 1:08PM

NEW YORK (AP) -- The security breach that hit Target Corp. during the holiday season appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers, according to a report published by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.

The report, made public Thursday by iSight Partners of Dallas, offers more insight into the breach at Target. That attack affected 40 million credit and debit card accounts and led to the theft of personal information, including email addresses and names, of as many as 70 million customers.

The report said that a malicious program vacuuming personal data from terminals at store check-out stations was "almost certainly derived" from BlackPOS, a crude but effective piece of software that contained malware scripts with Russian origins.

"The use of malware to compromise payment information storage systems is not new," the report said. "However, it is the first time we have seen this attack at this scale and sophistication."

Starting in June, iSight noticed the malicious software codes on the black market, the report said.

Criminals bought the original malware on the black market and then created their own attack method to target retailers' terminals at store checkout stations, iSight Partners' CEO John P. Watters said.

"It's less about the malware, but more about the sophistication of the attacks," Watters said in an interview with The Associated Press.

The report noted that because this kind of software can "cover its own tracks," it's not possible to determine the scale, scope and reach of the breach without detailed forensic analysis.

"Organizations may not know they are infected," the report said. "Once infected, they may not be able to determine how much data has been lost."

Last week, Neiman Marcus said thieves stole some of its customers' payment information and made unauthorized charges over the holidays. At the time, it said that it was working with the Secret Service on the breach.

The iSight report doesn't list the names of retailers and the intelligence firm says it can't discuss whether the malicious software specifically affected Target, Neiman Marcus and other retailers. However, the report offers the latest evidence that the attacks on Target and Neiman Marcus are related and that other retailers may have been victims of a broader data scheme.

Molly Snyder, Target spokeswoman, said that the retailer did not have any details to share on the report at this time.

Neiman Marcus Group said Thursday that, to its knowledge, customers' Social Security numbers and birthdates were not stolen in the security breach.

The luxury retailer, based in Dallas, also confirmed that customers who shopped online do not appear to have been affected, and said personal identification numbers, or PINs, were never at risk because the retailer does not require PIN pads in its stores.

Neiman Marcus spokeswoman Ginger Reeder declined to say how many people were affected by the scam, noting that the investigation is still ongoing.
