Millions of payment data of US retailers including bigwigs like United Parcel Service (UPS), Supervalu and Target were breached by hackers, leading to a halt of 1,000 of American businesses on Friday.
In an advisory, the United States Department of Homeland Security (DHS) said that millions of data of American payment cards have been affected by the cyber attack. Over 1,000 businesses have fallen victim to hacker malware that targeted their cash register systems and stolen the highly confidential financial and personal data of customers upon swiping of the credit cards.
The cyber attack on US retailers was more vulnerable this time as they were completely unaware of the security threat and their leaked confidential data.
“The confidential information was stolen without the targeted companies being aware of the security breach,” the advisory further said.
On July 31, the Homeland Security department and other government agencies including National Cyber security, Communications Integration Center, Secret Service and their co-partners in the security industry have warned the retailers against the possible security breach, specifically about a new type of malware ‘Backoff’ which was discovered last October.
The security agencies had asked the US businesses to update their in-store cash register systems and check for any malware especially ‘Backoff’.
Recently, Backoff has infected many computer systems in 51 United Parcel Service (UPS) stores across the US.
“Once the bad guys realized they were able to penetrate larger networks, they saw the opportunity to develop malware that’s specifically for credit cards and can evade antivirus programs,” Jerome Segura, a senior security researcher at a cybersecurity software firm Malware Bytes said.
According to Segura, Backoff is similar to other malware and the only difference is that it’s designed to target high-value computer systems.
Backoff enables hackers to go undetected partially due to the reason that it hasn’t been widely distributed over the web.
In a bid to provide a more secure transaction gateway, banks and businesses have been asking the retailers to get their payment systems updated so that they could move to chip-based credit cards from the obsolete one.
Avivah Litan, a security analyst for Gartner Research, said, “The weakness is the magnetic stripe. I can buy a mag stripe reader on eBay and easily read all the data from your credit card. It’s an antiquated technology from the 1960s.”
Some credit card companies have even set a deadline for October next year to upgrade to this new payment system. Meanwhile, the security department has recommended all retailers to scan their computer systems for the malware and get their payment system protected from breach.