After millions of shoppers fell victim to massive data breaches at Target and Neiman Marcus, a new report shows the mastermind behind the malware used in the attacks is a 17-year-old boy.
That’s according to security researchers for IntelCrawler. IntelCrawler’s president said while finding out who might be behind the vicious malware is a step in the right direction, it doesn’t tell investigators who’s responsible for the recent attacks on popular retailers.
“He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers.”
The report says the teen allegedly created the malware last March and started selling it to an unreported number of cyberhackers in Eastern Europe for the relatively low price of roughly $2,000.
WFXT notes the teen is from the Ukraine while authorities believe the malware used in the Target and Neiman Marcus breaches was used by hackers in Russia.
Up to 110 million Target shoppers reportedly had much of their personal information like credit card numbers, PINs and even personal addresses compromised because of the breach. (Via WMAQ)
So far, Neiman Marcus hasn’t said how many customers might have had personal information stolen, but The New York Times reports the attack there started back in July and lasted much longer than Target’s breach.
A security expert told CNN the credit card information stolen from Target customers is being sold on the black market for as low as $1.50 apiece and the breach might even have ties to the Russian mob.
Making matters even more troubling, the data theft could possibly extend beyond those two stores.
Bloomberg reports a security company working with the government says there could potentially be several more stores where customers have had their data stolen. Researchers say there’s evidence similar attacks have been going on since last June and stores don’t even know about it.
Both Citibank and JPMorgan Chase have announced plans to reissue all of its customers’ debit cards in reaction to the recent security breaches.