Reuters is reporting that several major retailers were the victims of data consumer losses over the holiday season in addition to Target and Neiman Marcus, though the breaches have yet to be publicly disclosed.
Few details are available at this time, but sources indicate that the breaches are not as large as the Target incident, which is now suspected of affecting more than 70 million customer records, and that the breached entities are retailers with outlets in large shopping malls.
The attackers are thought to have used similar techniques as those employed by the Target attackers, who authorities believe infect point of sale (PoS) terminals with data sniffing malware, and some now speculate that the attacks may have been conducted by the same criminal organization based out of Eastern Europe.
“One of the pieces of malware they used was something known as a RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text, the sources said,” the New York Daily News reported.
Thus far, Target has disclosed that the information stolen from includes names, mailing addresses, phone numbers or email addresses, but some suspect that the breach may be far worse, and include a wealth of predictive analytics that is used to profile customers.
“Target is an innovator in predictive analytics, they have what is internally called Guest ID. This identifier is used to track data on purchases made, if you used a credit card, coupons, filled out a survey, called customer support, if you have opened an email from them and other activities. This Guest ID is linked to your credit card number, email address, or name,” writes security researcher Ken Westin.
This is how Target was able to ascertain a teen girl was pregnant even before she disclosed her condition to her family.
“The Guest ID can be linked to demographic data such as age, marital status, if you have kids, estimated salary and what credit cards you carry. This data can be further mapped to other data they can buy about you including ethnicity, job history and the magazines you read,” Westin said.
Read More Here…