The holiday season data breach at Target that hit more than 70 million consumers was part of a wide and highly skilled international hacking campaign that's "almost certainly" based in Russia. That's according to a report prepared for federal and private investigators by Dallas-based cybersecurity firm iSight Partners.
And the fraudsters are so skilled that sources say at least a handful of other retailers have been compromised.
"The intrusion operators displayed innovation and a high degree of skill," the iSight report says.
The report doesn't say specifically how Target's network was breached but says that a virus was injected into the retail giant's credit card swiping machines, and that malware allowed hackers to collect data from the magnetic stripes on payment cards. The problem for the security companies hired to protect retailers is, according to iSight, the malware the bad guys are using can't be detected by anti-virus software.
Who are these guys? Well, it's all part of an underground market that's been running for years — Planet Money featured this dark credit card underworld in 2011 — and the hackers writing data-stealing code are getting more sophisticated than ever.
"There's already a lot of breaches related to the Target breach that aren't being disclosed," says Avivah Litan, a retail industry analyst for Gartner. "The chances that we'll see another big breach like this are probably 80 percent."
All Tech Considered
Security Experts Say Data Thieves Are Getting Harder To Fight