Most U.S. Businesses Don’t Know They Were Caught Up In Massive Cyberattack

Is your payment information safe? It’s hard to know, considering many companies hit by the same cyberattack that hit Target don’t even know it.

According to a New York Times report published Friday, more than 1,000 businesses, including Supervalu and United Parcel Service (UPS), were caught up in a breach affecting in-store cash register systems. The Department of Homeland Security issued an advisory that said millions of American payment cards have been affected by the hack.

At the end of July, the report says government agencies instructed companies to check for “Backoff” malware, a type of infection that occurs at the Point Of Sale. Since then seven companies have told the government their systems were hacked, but the Times says the Secret Service estimates more than 1,000 have not checked or stepped forward. Government agencies have instructed companies to search for the “Backoff” malware on their systems or enlist the help of antivirus companies.

Reports like this highlight the need for stricter government regulation and oversight when it comes to protecting customers data. Companies don’t have an incentive to report these breaches because it can result in a public relations nightmare and lead to profit losses. If it weren’t for the work of cybersecurity reporters like Brian Krebs, the public may not have known about the massive breaches that affected retailers like Target.

Businesses also need to take these repeated attacks seriously and upgrade their payment systems. As the Times report notes, magnetic stripe cards aren’t secure. The cost of upgrading to chip-based smart cards can cost large companies millions, but the alternative is watching these hacks continue to happen.