This blog has covered all of the latest developments in the Target breach that resulted the theft of information, including credit card data, from nearly 110 million customers. The information brought to light today, however, could be the most interesting and dangerous development yet.
According to a report from security firm IntelCrawler, the malware used in the breach can be traced back to a single "BlackPOS" version that was created by a 17-year-old Russian. It is believed to have surfaced early last year when the creator started sharing it in hacker circles. It has since been tweaked and more than 40 versions have been discovered infecting POS systems like Target and Neiman Marcus.
The aftermath of these security issues can have long lasting effects, far beyond stolen customer data and a damaged reputation.
"The numbers could be staggering, really, because what the retailers are looking at are potential class action lawsuits," CNN legal analyst Paul Callan said in a recent article. "Let's say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can all be joined together in a class action lawsuit."
Considering all of this was started by a teenager, it is clear that the POS landscape is changing and there could be more issues on the horizon as this kind of crime becomes more popular. Because of this, organizations need to ensure that all credit card processing software and networks are up to the challenge of these criminals.