Firstpost
  • Home
  • Video Shows
    Vantage Firstpost America Firstpost Africa First Sports
  • World
    US News
  • Explainers
  • News
    India Opinion Cricket Tech Entertainment Sports Health Photostories
  • Asia Cup 2025
Apple Incorporated Modi ji Justin Trudeau Trending

Sections

  • Home
  • Live TV
  • Videos
  • Shows
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Health
  • Tech/Auto
  • Entertainment
  • Web Stories
  • Business
  • Impact Shorts

Shows

  • Vantage
  • Firstpost America
  • Firstpost Africa
  • First Sports
  • Fast and Factual
  • Between The Lines
  • Flashback
  • Live TV

Events

  • Raisina Dialogue
  • Independence Day
  • Champions Trophy
  • Delhi Elections 2025
  • Budget 2025
  • US Elections 2024
  • Firstpost Defence Summit
Trending:
  • PM Modi in Manipur
  • Charlie Kirk killer
  • Sushila Karki
  • IND vs PAK
  • India-US ties
  • New human organ
  • Downton Abbey: The Grand Finale Movie Review
fp-logo
More Well-Known U.S. Retailers Victims Of Cyber Attacks: Sources
Whatsapp Facebook Twitter
Whatsapp Facebook Twitter
Apple Incorporated Modi ji Justin Trudeau Trending

Sections

  • Home
  • Live TV
  • Videos
  • Shows
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Health
  • Tech/Auto
  • Entertainment
  • Web Stories
  • Business
  • Impact Shorts

Shows

  • Vantage
  • Firstpost America
  • Firstpost Africa
  • First Sports
  • Fast and Factual
  • Between The Lines
  • Flashback
  • Live TV

Events

  • Raisina Dialogue
  • Independence Day
  • Champions Trophy
  • Delhi Elections 2025
  • Budget 2025
  • US Elections 2024
  • Firstpost Defence Summit
  • Home
  • Business
  • Biztech
  • More Well-Known U.S. Retailers Victims Of Cyber Attacks: Sources

More Well-Known U.S. Retailers Victims Of Cyber Attacks: Sources

FP Archives • February 3, 2017, 00:19:12 IST
Whatsapp Facebook Twitter

Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources.

Advertisement
Subscribe Join Us
Add as a preferred source on Google
Prefer
Firstpost
On
Google
More Well-Known U.S. Retailers Victims Of Cyber Attacks: Sources

Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed.

Smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target, according to the people familiar with the attacks. Those breaches have yet to come to light. Also, similar breaches may have occurred earlier last year.

STORY CONTINUES BELOW THIS AD

The sources said that they involved retailers with outlets in malls, but declined to elaborate. They also said that while they suspect the perpetrators may be the same as those who launched the Target attack, they cannot be sure because they are still trying to find the culprits behind all of the security breaches.

More from Biztech
Future Group - Reliance Retail Deal approved by CCI Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

Law enforcement sources have said they suspect the ring leaders are from Eastern Europe, which is where most big cyber crime cases have been hatched over the past decade.

Only one well-known retailer, Neiman Marcus, has said that they too have been victim of a cyber attack since Target’s December 19 disclosure that some 40 million payment card numbers had been stolen in a cyber attack. On Friday, Target said the data breach was worse than initially thought.

An investigation found that hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Neiman Marcus said it was not sure if the breach was related to the Target incident.

Most states have laws that require companies to contact customers when certain personal information is compromised. In many cases the task of notification falls on the credit card issuer.

Merchants are required to report breaches of personal information including social security numbers. It was not immediately clear if that was the case with the retailers who were attacked around the same time as Target.

STORY CONTINUES BELOW THIS AD

The Secret Service and Department of Justice, which are investigating the Target breach, declined to comment on Saturday.

Scraping Memory

Target has not disclosed how the attackers managed to breach its network or siphon off some of its most sensitive data.

The sources who spoke to Reuters about the breaches said that investigators believe the attackers used similar techniques and pieces of malicious software to steal data from Target and other retailers.

One of the pieces of malware they used was something known as a RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text, the sources said.

While the technology has been around for many years, its use has increased in recent years as retailers have improved their security, making it more difficult for hackers to obtain credit card data using other approaches.

STORY CONTINUES BELOW THIS AD

Visa Inc issued two alerts last year about a surge in cyber attacks on retailers that specifically warned about the threat from memory parsing malware.

The alerts, published in April and August, provided retailers with technical details on how the attacks were launched and advice on thwarting them.

A Visa spokeswoman declined comment on the reports, which did not identify specific victims.

It was not clear whether Target’s security team had implemented the measures that Visa had recommended to mitigate the risks of being attacked.

Yet a law enforcement source familiar with the breach said that even if the retailer had implemented those steps, the efforts may not have succeeded in stopping the attack.

That is because the attackers were more sophisticated than the ones in the previous attacks described in the Visa alerts, according to the source. The source asked not to be identified because they were not authorised to discuss the matter publicly.

Delayed Disclosure

STORY CONTINUES BELOW THIS AD

Retailers are often reluctant to report breaches out of concern it could hurt their businesses. Target only acknowledged its 2013 attack after security blogger Brian Krebs reported the breach, prompting inquiries from journalists and investors.

Neiman Marcus said an outside forensics firm discovered evidence on January 1 that indicated the retailer had been the victim of a cyber attack. It disclosed the breach nine days later, after another inquiry from Krebs, who was following up on reports about a surge in fraudulent charges traced to the retailer.

Target and J.C. Penney Co Inc. waited more than two years to admit that they were victims in 2007 of notorious hacker Albert Gonzalez, who was accused of masterminding the theft and reselling of millions of credit cards and ATM numbers.

During his trial the companies were represented by lawyers who did not identify their clients as Target and J.C Penney.

Doug Johnson, vice president of risk management policy with the American Bankers Association, said banks and credit card firms like Visa are forbidden from naming merchants that have been breached, unless they disclose it themselves.

STORY CONTINUES BELOW THIS AD

“It is really frustrating to the bank and also the customer,” Johnson said.

One of the sources who told Reuters about the recent rash of attacks said the memory parsing malware cited in the Visa reports was among the tools that the hackers had used, but said they used other techniques as well.

Target spokeswoman Molly Snyder said the retailer is not commenting on the company’s investigation of the breach.

“This continues to be an active and ongoing investigation. It would be inappropriate to discuss details at this point.”

Avivah Litan, a security analyst for Stamford, Connecticut -based Gartner information technology research firm, said she learned about a separate set of breaches, dating back no more than a few months before the November 28 Thanksgiving Day start of the holiday shopping season, from a forensics investigator. She declined to provide his name.

“Target was not the only retailer who got hit, but they got hit the biggest,” Litan said.

STORY CONTINUES BELOW THIS AD

Investigators believe that the early series of attacks on retailers staged before late November were mostly used as trial attacks to help the hackers perfect new techniques they then used against Target, stealing payment cards at unprecedented speed, Litan said.

Chris Gray, director of Denver, Colorado -based Accuvant information security firm’s risk and compliance practice, said that sophisticated cyber crime groups do that because they only have once chance to get it right before victims catch on.

“You want to test it and make sure it works,” Gray said. “Then you push it out at the appropriate time and do as much damage as you can.”

Tags
retail Security cyber attacks data Target neiman Marcus Breach
End of Article
Written by FP Archives

see more

Latest News
Find us on YouTube
Subscribe
End of Article

Top Stories

Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?

Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?

As Russia pushes east, Ukraine faces mounting pressure to defend its heartland

As Russia pushes east, Ukraine faces mounting pressure to defend its heartland

Why Mossad was not on board with Israel’s strike on Hamas in Qatar

Why Mossad was not on board with Israel’s strike on Hamas in Qatar

Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe

Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe

Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?

Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?

As Russia pushes east, Ukraine faces mounting pressure to defend its heartland

As Russia pushes east, Ukraine faces mounting pressure to defend its heartland

Why Mossad was not on board with Israel’s strike on Hamas in Qatar

Why Mossad was not on board with Israel’s strike on Hamas in Qatar

Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe

Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe

Top Shows

Vantage Firstpost America Firstpost Africa First Sports
Latest News About Firstpost
Most Searched Categories
  • Web Stories
  • World
  • India
  • Explainers
  • Opinion
  • Sports
  • Cricket
  • Tech/Auto
  • Entertainment
  • IPL 2025
NETWORK18 SITES
  • News18
  • Money Control
  • CNBC TV18
  • Forbes India
  • Advertise with us
  • Sitemap
Firstpost Logo

is on YouTube

Subscribe Now

Copyright @ 2024. Firstpost - All Rights Reserved

About Us Contact Us Privacy Policy Cookie Policy Terms Of Use
Home Video Shorts Live TV