More than 1,000 Companies Hit with Backoff Malware

More than 1,000 US businesses
have been compromised by Backoff malware, according to an “infection assessment” by the US Department of Homeland Security (DHS). This particular malware affects retailers at the point-of-sale (POS) and can steal consumer payment data.

DHS, the National Cybersecurity and Communications Integration Center (NCCIC), the US Secret Service and the Financial Sector Information Sharing and Analysis Center (FS-ISAC) first issued an advisory about the malware at the end of July. DHS noted that seven POS system providers/vendors have confirmed that they have had multiple clients affected. The Secret Service estimates that over 1,000 businesses have been hit.

DHS recommends that retailers work with their IT staff, antivirus vendor, managed service provider, and/or POS system vendor to assess whether their assets may be vulnerable or compromised. The Secret Service is contacting impacted businesses as they are identified.

Security breaches continue to plague the retail sector. A little over a week ago, grocery store operator Supervalu revealed that it had incurred a security breach that may have affected “millions” of customers. And just last week, UPS admitted that it too had discovered malware in 51 of its retail store locations. The UPS breach is believed to have gone on between January 20 and August 11 and may have compromised more than 100,000 customer transactions.


Related reading