X

More retailers reportedly victims of holiday data breaches

At least three other US retailers suffered unpublicized attacks similar to the one on Target, Reuters reports.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

The scope of credit card data breaches suffered by US retailers during the holiday shopping season may be larger than previously thought.

Following disclosures by Target and Neiman Marcus, Reuters reports that at least three more well-known retailers experienced smaller breaches that have yet to be publicly revealed. The additional attacks used similar techniques as the attack on Target, sources told the news agency, adding that other attacks may have occurred earlier last year.

The Reuters report did not identify which retailers may have been affected by the security breaches.

Target revealed on Friday that a payment card data breach it suffered in December was larger than originally believed, yielding the names, mailing addresses, phone numbers, and e-mail addresses of as many as 110 million customers. That's nearly three times the approximately 40 million credit and debit card numbers the nationwide retailer originally believed stolen between November 27 and December 15.

Also Friday, upscale department store Neiman Marcus confirmed that its database of customer information was hacked last month around the same time as the attack on Target. The size of the breach at Neiman Marcus has not been determined, but like the attack in Target, it appears to be limited to the data of shoppers at its retail locations.

Soon after Target's security breach was reported last month, fraud industry experts saw stolen data flood online card-selling markets to the tune of a "10- to 20-fold increase" in high-value cards. Batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card, according to Brian Krebs, the security blogger who broke the story of the breach.