Gregg Steinhafel shed more light on Target’s data breach in a recent interview with CNBC. According to the company CEO, the source of the attack affecting as many as 70 million of its customers was malware installed on its point-of-sale systems. It’s not clear how it got there in the first place but Steinhafel says it was removed hours after discovery and promises to make significant changes to make sure it doesn’t happen again.
Although Steinhafel is sticking to sharing only things they are certain about as a forensic investigation unfolds, sources speaking to Reuters say that hackers likely used a technique called RAM scraping to steal customer data. This allows the perpetrators to capture payment data during the few milliseconds that it is stored, unencrypted, in the system’s volatile memory (RAM) in order to process the payment.
Visa issued alerts about attacks utilizing these types of malware in April and August last year, suggesting that retailers tighten firewalls so that POS communicate only with known systems, among other recommendations.
Target isn't alone in suffering a major data breach recently. Over the weekend, security expert Brian Krebs from Krebs on Security reported that upscale retailer Neiman Marcus was compromised too. The latter has since acknowledged the breach but hasn’t detailed the extent of it beyond saying it’s conducting an investigation.
There’s no evidence at this time that the Target and Neiman Marcus breaches are related. The timing has prompted speculation that might be the case, however, and now a separate report from Reuters indicates that at least three other well-known US retailers were hacked using similar methods.
Image via Shutterstock