Was Target the tip of the iceberg for holiday cyberattacks?

In the weeks following Thanksgiving, online retailer Target suffered a cyberattack that exposed the personal data of up to 110 million of its customers; in recent days, Neiman Marcus has confirmed that its databases have also been hacked. According to a report by Reuters, at least three more retail giants have been exposed, falling victim to the same style of attack that penetrated the defences of Target’s security system.

Neiman Marcus is the latest company to go public with a confession that some of its customer credit and debit card information has been stolen. According to Krebs on Security, the retailer is working with the U.S. Secret Service to investigate the cause and scale of the attack. For now it seems that only customers who shopped in a Neiman Marcus store (rather than online) have been affected.

In a statement to Krebs on Security, Neiman Marcus said: “On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.”

Today’s Reuters report suggests there is more news to come. Its story claims that “at least three other well-known U.S. retailers” have been hit using “similar techniques as [the cyberattack] on Target.” Again, it seems like outlets in malls are at the center of the breach.

Although the hacking techniques are similar, it’s not yet certain that all the attacks are linked — investigations are ongoing behind the scenes, and for the moment only Target and Neiman Marcus have made any public statements. According to Reuters, other data breaches may have occurred earlier in the year.

While retailers are often reluctant to disclose the details of cyberattacks in order to avoid hurting their business, most states have laws requiring companies to notify customers of any stolen data. In the majority of cases, the responsibility lies with the card issuer. For now, keep your eyes on your card bills and report any suspicious activity at the earliest opportunity.

David Nield
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…