WASHINGTON — Hacking attacks like those that siphoned credit-card data from Target and Neiman Marcus are probably part of an unprecedented assault on a larger number of retailers, according to a security company working with the government.
The assaults on retailers may involve multiple groups of hackers who appear to be working from a sophisticated piece of software code that began circulating on underground websites last June, iSIGHT Partners, a Dallas, Texas-based security company that tracks cyber criminals, said in a report.
The report doesn't say whether the software, dubbed Kaptoxa, was used in the theft of as many as 40 million customer credit and debit card accounts from Target. A person briefed on the investigation, who asked not to be identified because the matter is confidential, said Kaptoxa is the same software that infected Target. Molly Snyder, a spokeswoman for Target, declined to comment.
"We haven't seen the last of this," said iSIGHT Chief Executive Officer John Watters in an interview. "Now it's a race to the bank with the criminals rushing to hijack the data and convert it into criminal gain before the door to profitability is closed."
The iSIGHT report said the scale and sophistication of the campaign against retailers' point of sale systems — the terminals on which customers swipe credit and debit cards — may be the largest ever seen, escaping elaborate industry efforts to secure a system that processes more than $3.3 trillion in U.S. transactions annually.
Target, the second-largest U.S. discount chain, has said the theft of customer data may have affected anyone who provided it basic information over the past several years. In December, the company said credit- and debit-card data for as many as 40 million people who shopped in its stores between Nov. 27 and Dec. 15 may have been compromised. Earlier this month, the company said the thieves also got access to the names, phone numbers and home and e-mail addresses of as many 70 million people.