Target breach appears to be part of broader scam
The security breach that hit Target Corp. during the holiday season appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers, according to a report published by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.
Officials with iSight Partners, a Dallas company that focuses on cyber threat intelligence, offered more insight into the breach at Target.
Hackers installed malware on Target's cash registers and stole about 40 million debit and credit card numbers. They also took the names, e-mail and street addresses, of 70 million customers.
Russian words were found in one of the variants of the virus, and parts of the malware were developed by a Russian criminal, said Tiffany Jones, a senior vice president at iSight Partners.
Create a More Connected Minnesota
MPR News is your trusted resource for the news you need. With your support, MPR News brings accessible, courageous journalism and authentic conversation to everyone - free of paywalls and barriers. Your gift makes a difference.
"That does not in any shape or form indicate or show attribution that the attack or the operation was Russian in origin," said Jones, whose company is working with the U.S. Secret Service and the Department of Homeland Security to investigate the breach.
"The use of malware to compromise payment information storage systems is not new, but it's the first time we've seen this kind of attack method at the scale we've seen to date," she said.
On Thursday, iSight Partrners sent a confidential report to a group of retailers.
Jones said the malware first started appearing for sale in black market online forums in February and March of last year.
Molly Snyder, Target spokeswoman, said that the retailer did not have any details to share on the report at this time.
The Associated Press contributed to this report.