The scope of credit card data breaches suffered by US retailers during the holiday shopping season may be larger than previously thought.
Following disclosures by Target and Neiman Marcus, Reuters reports that at least three more well-known retailers experienced smaller breaches that have yet to be publicly revealed. The additional attacks used similar techniques as the attack on Target, sources told the news agency, adding that other attacks may have occurred earlier last year.
The Reuters report did not identify which retailers may have been affected by the security breaches.
Target revealed on Friday that a payment card data breach it suffered in December was, yielding the names, mailing addresses, phone numbers, and e-mail addresses of as many as 110 million customers. That's nearly three times the approximately 40 million credit and debit card numbers the nationwide retailer originally believed stolen between November 27 and December 15.
Also Friday, upscale department store Neiman Marcuslast month around the same time as the attack on Target. The size of the breach at Neiman Marcus has not been determined, but like the attack in Target, it appears to be limited to the data of shoppers at its retail locations.
Soon after Target's security breach was reported last month, fraud industry experts sawto the tune of a "10- to 20-fold increase" in high-value cards. Batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card, according to Brian Krebs, the security blogger who broke the story of the breach.