The Department of Homeland Security issued a somewhat alarming advisory for businesses over the weekend, stating that the malware responsible for Target’s massive security breach late last year may also affect more than 1,000 US companies and organizations, both big and small.
The government agency is urging businesses to bring together their IT team, antivirus vendor, and point-of-sale system provider to investigate whether their databases have been compromised by the malware, known as ‘Backoff.’
It said Backoff first surfaced in October last year, “though was not recognized by antivirus solutions until August 2014,” adding that it has “likely infected many victims who are unaware that they have been compromised.”
Up to now, seven point-of-sale service providers working for “multiple clients” have discovered the malware on their systems and notified officials as a result.
Hackers planted the malware on companies’ computer systems by first exploiting businesses’ administrator accounts remotely, Homeland Security said in its advisory. Once installed, each time someone scanned their credit card at an affected store, their personal details would go to a server owned by the company but controlled by the hackers.
The same malware is reported to be responsible for a hack on the The UPS Store’s computer systems between January and August this year. The retail chain, which revealed details of the incident last week, said customer information such as names, postal addresses, email addresses, and payment card information “may have been exposed” in the security breach.
The idea that data is being stolen without companies noticing suggests personal information belonging to millions of people has already been sold on the black market.
Homeland Security’s advisory can be read in full here.