It's kind of like playing the game whack a mole!
First, it was target.
The "security breach" that compromised the confidential information of millions of Americans.
Then, we learned about Neiman Marcus.
The high-end retailer disclosed it too had been hacked.
We're still waiting for word on how many people are affected.
And now, a report from the cyber watch group Intelcrawler suggests at least six more retailers have yet to tell customers they've been breached as well with the same malware, attacking their online credit card processing.
So, the question now, where should we look to next?
"Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. So they manipulate or mutate this malware, and then re-use it."
According to Intelcrawler, the source of the malicious software can all be traced back to one place.
The report claims the very first sample of the malware was created in March of 201, hitting stores in Australia, Canada, and the united states.
"Let’s say hypothetically, a retailer has 40 million transactions by 40 million different customers. All 40 million may have been damaged in some way, and under law they can be joined together in a class action lawsuit."
Legally, the burden is on retailers to protect customer information.
But from what we know now this could be the tip of the iceberg.
"And was able to put it up on the internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to target as well as Neiman Marcus."