updated 06:53 am EST, Mon January 13, 2014
Target believed to be largest in group of companies attacked by hacking group
More customers of large US retailers may have been affected by holiday shopping hacks than originally thought, according to a report. Three more retailers have apparently been targeted by hackers using similar techniques to the attacks on Target and Neiman Marcus, though it has yet to be revealed if it is the same collective responsible for Target's intrusion.
The three other retailers have yet to be named, according to sources of Reuters, though the stores apparently have outlets in malls, and are apparently smaller in size when compared to Target. While it is unknown if the same people performed the attacks across all retailers, law enforcement officials believe that the ring leaders of the hacking groups are based in Eastern Europe. It is thought that the attacks on the smaller retailers were a trial run before an attack on Target, with some apparently taking place months beforehand.
One of the techniques though to be used in the attacks involves memory-parsing software, identified as a "RAM scraper," which acquires data stored in memory before it has a chance to be encrypted. Card processor Visa has issued two alerts in the last year over attacks on retailers, with the warnings in April and August specifically advising on memory-based attacks. Even so, sources claim that the techniques used were more sophisticated than the methods detailed in Visa's reports.
Late last week, Target advised that the data breach was wider than the 40 million customer records initially reported, stretching the affected total to 70 million. The retailer promised affected customers "will have zero liability for the cost of any fraudulent charges arising from the breach," and offered one year of free credit monitoring and identity theft protection.