The type of point of sale, or PoS, malware that resulted in massive credit card breaches from Target and other retailers over the past year is more widespread than previously reported, an advisory from the Department of Homeland Security and the Secret Service revealed Friday. Moreover, the malware, the agencies reported, has “likely infected many victims who are unaware that they have been compromised.”
The Secret Service estimated that more than 1,000 businesses in the United States have been affected by one type of PoS malware, dubbed “Backoff.” Seven point of sale providers “have confirmed that they have had multiple clients affected,” said the advisory, adding that “reporting continues on additional compromised locations, involving private sector entities of all sizes.” The agencies encouraged all organizations to check for the the malware, which they say was not recognized by antivirus solutions until this month.
The National Cybersecurity and Communications Integration Center, the Secret Service and third-party partners issued an advisory about the Backoff malware on July 31. The malware remotely exploits businesses’ administrator accounts and steals consumer’s payment data, such as their credit and debit card numbers.
Since the Target breach, in which 40 million credit card numbers were comprised along with the personal information of another 70 million customers, many other retailers have disclosed that they, too, were affected by malware that infiltrated point of sale systems. Just last week, the SuperValu family of grocery stores announced that hackers may have stolen information from some of its stores via its credit and debit card payment systems.