Last Friday, security firm Kaspersky Lab warned that Backoff might have infected a lot more systems than is generally perceived.
"It is clear that criminals who are targeting the retail industry have tactics, techniques and procedures that most retailers aren't well prepared to stop," said Rob Sadowski, director of technology solutions at RSA, the security division of EMC. "Cyber criminals targeting payment card data are going after the biggest, most lucrative targets because they feel that they can succeed. And this latest breach, if the reports are true, is proving them right once again."
The latest breach appears to have followed the same pattern as previous breaches at Target, Neiman Marcus and P.F. Chang's, said Michael Sutton, vice president of security research at security vendor Zscaler.
"These breaches could have largely been avoided had U.S. retailers adopted the 'chip and PIN' technology mandated in debit and credit cards in most industrialized countries," Sutton said. "The technology has not been widely adopted in the U.S. primarily due to lobbying by retailers who were concerned about the cost of implementing the technology."
The fact that many of these breaches are discovered by third parties and not the retailers themselves is especially troubling, Sutton said.
"It is concerning that gigabytes of credit card data can be syphoned from hundreds of retail stores each day for months and ultimately be sent to attackers in Eastern Europe without alarms being raised or reacted to," Sutton said.