If you haven't ordered a new debit card or taken other measures to protect your identity in the wake of the recent Target and Neiman Marcus data breaches, you really should reconsider. Several security firms have come forward saying that even more retailers may have been exposed to the malware used in the Target attack.
Security Firms Discover a Malware Called 'Kaptoxa'
iSIGHT, a firm working with Homeland Security on the investigation into the recent data breaches, described its findings to CNNMoney. The malware used in the Target attack is called Kaptoxa, and it "infects individual point of sale devices. It monitors data processed on the device, then transmits that data outside of the retailer," said Tiffany Jones, senior vice president at iSIGHT Partners. Jones didn't say which retailers had been affected, only that this "malicious software has potentially infected a large number of retail operations," and the firm had never seen an attack on this scale.
Another firm looking into the malware, IntelCrawler, believes it "has uncovered at least six ongoing attacks at merchants across the U.S. who are infected with the same malware used in the Target attack," according to Business Insider. The firm also shared its unconfirmed belief that the code for the malware may have originated with a 17-year-old programmer with "roots" in St. Petersburg, Russia.
How Do I Protect Myself?
Currently, there are no concrete details about those unnamed "other" retailers, so the best thing for a consumer to do is remain vigilant. If you've noticed fraudulent activity on any of your accounts, you need to act fast to prevent further damage. As we previously mentioned, when your credit or debit card is compromised, you need to take immediate steps, like reporting your losses and enacting a fraud alert on your credit report.
Unfortunately, even if you haven't noticed anything strange, your identity and accounts could still be at risk, due to the massive scope of these recent attacks. Consider ordering a new debit or credit card, or at least changing all of your PIN numbers and passwords. Don't forget that you're entitled to one free credit report each year, but be sure to order it from the government's approved website to avoid scams. Moreover, if you shopped at Target during the time of the breach, you're eligible for a free year of credit monitoring.
Consumer confidence has understandably been shaken by these attacks, and we'll share more information on all the retailers that have been affected when those details come to light. More than anything, this situation is a stark reminder that we all need to practice common sense when making purchases, whether in-store or online. Readers, have you got any advice for victims of this breach? Have you been personally affected by the attacks? Share your experiences and advice in the comments below.