More than 1,000 businesses affected by same malware as Target

The Secret Service estimates more than 1,000 American businesses have been infiltrated with the same malware that affected Target’s in-store cash register systems.
(Chris O’Meara / Associated Press)

The Secret Service estimates more than 1,000 businesses have been affected by the same kind of cyberattack that scraped Target’s cash register system for consumer credit card information, the Department of Homeland Security said in an advisory Friday afternoon. 

Criminals are carrying out the attack by hacking into businesses’ networks and then installing malware -- known as “Backoff” -- on their point-of-sale systems. Any time a business swipes a credit card, the malware records its information and sends it back to the hackers, who then sell the data to other criminals on the Internet, said Ken Westin, a security analyst for Tripwire Inc., a Portland cybersecurity firm.

This kind of attack was first seen last year when hackers infiltrated Target’s systems. According to the advisory, seven point-of-sale system vendors have confirmed that they’ve had multiple clients affected by Backoff. The Department of Homeland Security said that one strand of Backoff has been in use by hackers since last October and was not detected until just this month.

“There’s a lot of retailers out there that have been compromised by this and they simply don’t know it yet,” Westin said, explaining that many businesses don’t have the tools in place to monitor for these kinds of attacks. 


Earlier this week, the UPS Store said more than 50 of its locations had been hit by this kind of attack, potentially exposing more than 100,000 transactions.

The Department of Homeland Security advised businesses to get in touch with their antivirus vendors, point-of-sale system vendors’ information technology team and managed service provider to make sure they are not vulnerable to the Backoff malware. Businesses that believe they’ve fallen prey to Backoff should contact their local Secret Service office, the Department of Homeland Security said. 

Westin said he expects the number of affected businesses to keep growing and expects that other types of organizations that also use point-of-sale systems, such as hospitals and government bodies, will also be targeted by hackers.

He recommends that businesses separate their point-of-sale systems from less sensitive parts of their networks and install monitoring software that can detect and notify them if any changes are made to their systems. Most important, Westin said, is that organizations make sure customers’ credit card information is always encrypted. 


“Never store credit cards unencrypted anywhere on the network,” Westin said.

Follow me on Twitter for more cybersecurity news @sal19.

Get our weekly California Inc. newsletter