Cyber attacks aimed at in-store cash register systems have affected more than 1,000 American businesses, including Target, Supervalu and UPS Stores, says the Department of Homeland Security. The announcement reveals that the attacks were more pervasive than first thought last holiday season, when the breach at Target was discovered.
The hackers who orchestrated the attacks were able to steal the data of millions of payment cards from U.S. consumers without the businesses realizing it. Suspecting widespread cyber theft, Homeland Security is instructing companies to analyze their in-store cash register systems for a malware package dubbed “Backoff,” named after a word that appeared in its code. Since the warning was issued, seven companies that sell and manage the systems have told government officials that they each had multiple clients affected. While more than 1,000 businesses have likely been impacted, few have come forward to confirm they were victims.
Worryingly, the Secret Service says hackers are probing corporate systems for remote access opportunities – such as an employee working from home – and then using computers to discover user names and passwords. Once inside the corporate network, the cyber pilferers worm their way into in-store cash register systems, where they collect payment card data and send it back to their servers for uploading.
Last year, hackers penetrated Target’s register systems for weeks and stole data off the magnetic stripes on tens of millions of customers’ credit and debit cards. The infiltration drew attention to the vulnerability of magnetic stripes.
“The weakness is the magnetic stripe,” Avivah Litan, a security analyst for Gartner Research, told The New York Times. “I can buy a mag stripe reader on eBay and easily read all the data from your credit card. It’s an antiquated technology from the ’60s.”
As a new, safer alternative to stripes, companies and financial institutions are looking into a chip-based smart card standard called E.M.V., short for the technology’s supporters, Europay, MasterCard and Visa. By October 15, credit card companies expect retailers to have upgraded their register systems.