The Target stores’ data breach occurred due to Sergey Taraspov, a well-known programmer in the underground world who writes malicious code, according to the Wall Street Journal on Friday. Taraspov, a 16-year-old from Russia, has been discovered by IntelCrawler which is a cyber intelligence company in Los Angeles.
The breach has not only cut into Target’s sales but has caused panic among credit card and debit card users throughout the United States. In addition to the Target breach, BlackPOS malware – which is a not-so-costly malware that can be easily found – may have had something to do with a similar breach which was announce by Neiman Marcus about a week ago. BlackPOS is described as RAM-scraping malware, which means that it can copy credit card numbers from point-of-sale machines’ temporary memory, or RAM, in the instant after the cards are swiped and prior to numbers being encrypted.
BlackPOS hit retailers’ data systems in Australia, Canada, and the United States first. Initially, the malware was called “Kaptoxa” – which is Russian slang for "potato." It has been renamed and sold to criminals in the cyber-world in Eastern Europe as well as other countries. Additionally, the owners of credit card shops have bought the product as well.
IntelCrawler’s CEO Andrew Komarov asserts that there are six other breaches out there which include four mid-sized department stores in Arizona, California, Colorado, and New York as well as two small-sized clothing companies in Los Angeles. However, due to continuing investigations into the breaches, Komarov wouldn’t name the other companies involved.
According to Komarov, the data breach damage, as well as the number of companies that have been hit, could be much greater than previously reported by the media because the author of the malware has nearly 60 customers – some of whom were involved in the Target breach.
IntelCrawler is working with law enforcement officials, Visa, and Mastercard. Komarov also said that the price tag on the malware is $2,000 or 50 percent of the profits from selling card information which has been compromised.
The breaches have possibly compromised as many as 40 million card holders’ accounts with as many as 70 million customers’ email and other personal data regarding the Target concern. Neiman Marcus claims it does not know how many customers have been affected from its data breach.