Reports started coming in last night that US retailers Albertsons and Jewel-Osco have both suffered yet another data breach. Commenting on this, Richard Cassidy, senior solutions architect at Alert Logic, says:
"It is no surprise that we are seeing repeat attempts at customer data exfiltration across organisations that were already subject to a data breach in the not too distant past. We’ve seen a number of variants of well known ePOS malware circulate throughout the industry already, with many more yet to be seen over the remainder of the year.
Clearly more details are yet to be released on on what exactly has been discovered at Albertsons and Jewel-Osco, but we shouldn’t be surprised if we learn it’s another variant of the popular ePOS malware trend that we’ve analysed to be one of this years most prolific e-commerce industry threats. The Target hack certainly saw one of the largest data breaches in recent history through the BlackPOS malware, built on a tool released to the underground back as far as February 2013. Hacker cells have had a great deal of time to learn from the success of Target and enhance their own code variants be even harder to detect and more efficient at data exfiltration, as we head into the one of busiest shopping periods of the year.
It is good to see early updates to the market from both these organisations. As we’ve learned from past experience, customers appreciate transparency and openness on such issues, with assurances that everything is being done to contain the threat. More importantly however is that consumers are provided with the chance to cancel cards early to avoid unnecessary headache, should their data be used maliciously."