Retailers, customers on alert after Target data breach expands
There are new details in a massive security breach at Target.
A new document has been put together by a cyber intelligence firm working behind the scenes with the US Secret Service. It sheds light on how the hackers got into the system, how they got personal information out and why other retailers are at risk now.
The virus that exposed more than 100 million people at Target was partly written in Russian, codeword: "Kaptoxa."
According to a new report obtained by NBC News, even cyber investigators seem surprised, saying the hackers "displayed innovation," that their tactics were "remarkable" and "new to e-crime."
"I've been doing this for 20 years and I've never seen anything like this. I mean, this is a gamechanger," said Jim Stickley, TranceSecurity.
Here's how the thieves did it. When you swipe your credit or debit card, the information travels from there to the cash register. As it's decrypted, in that fraction of a second, the virus grabs your personal data. Before you're even approved, you've been robbed.
Your name, credit card number, PIN, email and phone number all become compromised. Target's anti-virus software didn't catch it.
"Target has sophisticated security and yet they still couldn't protect from this kind of virus. It's truly stealth. It just won't be detected," said Stickley.
Target's CEO told CNBC this week that retailers need to up their game.
"I think what we've seen is vulnerability in our system. And I think if we are proactive and really engage and move it forward, we can accomplish anything," said Gregg Steinhafel, Target CEO.
But the threat has just begun. The report says this virus is "increasingly available on underground marketplaces" and experts fear hackers may have already launched it at other retailers who don't even know they're infected yet.
"Target's just the tip of the iceberg. Personal information's being stolen as we speak and people aren't doing anything yet to stop it," said Stickley.
NBC News reached out to Target about this report. The company had no comment.
Experts are pulling this virus apart trying to figure out how it works and how to build a program to stop it before another major retailer is hit.