Leave a comment

Target, UPS, SuperValu hacks: All connected and way worse than we knew

Some of you may be tired of hearing about the latest retail hack, but trust me, it's not something that you should ignore. And the latest revelation may just blow your socks off.

So you know about the Target hack in December, and probably a few more hacks - like the UPS store - since then. But did you know that most of these hacks are caused by the same kind of malware?

Nicknamed "Backoff," the malware infiltrates companies in the same manner all over the country. Hackers look for remote entries, like a vendor who services the Point of Sale (PoS) machines, or an employee that works remotely.

Then the hackers work to break into the employee passwords, and employ Backoff. The malware slithers through the systems undetected until it gets to the PoS software.

When it reaches the PoS data, Backoff sends the personally identifiable customer information back to the hackers on the other end. And the results have been catastrophic.

On July 31, Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry, warned companies to check their in-store cash register systems for a malware package that security experts called Backoff after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by antivirus products.

Since then, seven companies that sell and manage in-store cash register systems have confirmed to government officials that they each had multiple clients affected, the government said Friday. Some of those clients, like UPS and Supervalu, have stepped forward, but most have not.

What does this mean for security? You're going to have to take it to the next level.

Professionals have been urging Target and other retailers to upgrade their PoS systems to read debit and credit cards not by their magnetic stripe, but by the chip-based smart card standards already set in the U.K.

This new card security technology is called E.M.V. or Europay-Mastercard-Visa, named after the security technology's first investors. This would beef up the security on cards, since magnetic stripe reader technology has been around since the '60s.

Retailers have been given until October 2015 to upgrade their PoS systems, but many researchers believe that the cost of replacement - $500-$1,000 each - will put most stores past the deadline.

What you can do right now is to replace all of your credit and debit cards. Hackers can't use your information if what they have is out of date.

You should also be updating your passwords often with strong and tough-to-guess passwords. Click here to learn how to make tough passwords. 

View Comments ()
Phone feature causes hidden charges in cellphone bills
Previous Happening Now

Phone feature causes hidden charges in cellphone bills

3-D printed bump keys let burglars walk right into your home
Next Happening Now

3-D printed bump keys let burglars walk right into your home