2 More Breaches Linked to Target?

Verizon Investigates More Retailer Attacks
2 More Breaches Linked to Target?
Dan Clements

Verizon Communications Inc. is looking into two apparent retail breaches that may be linked to recent high-profile incidents, including the Target Corp. breach.

See Also: Eight Capabilities IT Pros Should Look for in a CASB

Bryan Sartin of Verizon's Enterprise Solutions unit told the Wall Street Journal he couldn't disclose the names of the two retailers. But during the RSA Conference 2014, Gartner analyst Avivah Litan told Information Security Media Group the two retailers were reportedly located in Europe and the U.S., and she's not convinced they are the same attacks being investigated by Verizon.

Verizon spokeswoman Marie McGehee tells Information Security Media Group that the company will not offer details about incidents involving clients, especially when security issues are involved. She also would not confirm whether the affected retailers were located in the U.S. and Europe. "We don't comment on rumor and speculation," she says.

But Dan Clements of cyber-intelligence and retail malware research firm IntelCrawler says his company determined in January that the malware strain known as BlackPOS had infected retailers with Internet protocol addresses managed by Verizon.

"Some of those IP addresses were in the BlackPOS infections," Clements said in an interview with Information Security Media Group at the RSA conference. "These IP addresses were under Verizon, so that could be why they are investigating."

BlackPOS has been linked to numerous retail breaches and may have been involved in the Target compromise.

On Jan. 20, in the wake of the Target attack, IntelCrawler reported that at least six more retailers had likely been compromised by POS malware (see 6 More Retailers Breached?).

Connections to Other Attacks?

Clements could not say whether any of the attacks it had tracked were linked to other recent breaches, such as Target. But Verizon's Sartin told the Wall Street Journal connections to other incidents are likely.

"We've been brought into other situations as the investigator," Sartin told the Journal. "The findings already substantiate a very real link between these later situations and something that recently happened."

The comment from Sartin could be a reference to the Target or Neiman Marcus breaches, both of which involved malware used to compromise payment card data of the stores' customers.

(News writer Jeffrey Roman contributed to this story).


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network