Sunday, January 12, 2014

Neiman Marcus Breach Could Be Part Of Larger Holiday Cyberattack On U.S. Retailers

Screen Shot 2014-01-11 at 11.43.08 PMIn the weeks following Thanksgiving, Target became the unlucky victim of a massive attack and data hack, which reportedly affected as many as 110 million people and exposed an array of personal data, including names, addresses and credit card information. With a second retail giant beginning to notify customers that it, too, has been hacked, it seems that we may just be scratching the surface of a larger cyberattack that took place during the holiday season. This morning, Krebs On Security reported that upscale retailer Neiman Marcus has teamed up with the U.S. Secret Service to investigate its own data breach which led to the theft of credit card and personal information. The company reportedly discovered the cyberattack in December from its credit card processor but has still yet to disclose how many shoppers have been affected by the hack. However, the company said via its Twitter account that it is beginning to notify customers whose credit card information has been “used fraudulently” since the breach in December. The company said that the forensics team it has been working with had discovered that customer personal information had been compromised, but that it has “begun to contain the intrusion and have taken significant steps to further enhance information security,” it said in a statement about the breach. Beyond how many of its customers were exposed to the attack, the company has yet to share details on how the breach occurred. There is no concrete evidence that the two attacks on Neiman Marcus and Target were linked, as, at least according to Krebs. Target has yet to publicly share details on its investigation which could help other retailers discover whether or not the attacks were perpetrated by the same hackers. However, Reuters has since reported that Neiman Marcus and Target were not the only victims of the Holiday Hack Attack ’13, as I’m calling it. According to Reuters, at least three other “well-known U.S. retailers” were subject to data breaches, which used “similar techniques” to the attack on Target. Not only that, but those investigating the events indicated that similar breaches may also have “occurred earlier last year.” The report claims that hackers used “malicious software” to infiltrate the retailers’ databases and steal credit card information. Reuters’ sources indicated that one of the Trojan horses used by hackers was a “RAM scraper,” which allows the burglar to snatch encrypted data at a



No comments:

Post a Comment