Five recent cyberattacks against U.S. retailers all appear to have come from the same overseas criminal gang, according to the U.S. Secret Service. That includes the breach that stole 2.4 million credit and debit card numbers from the Schnuck Markets grocery chain, along with four other unnamed breaches, Bank Info Security reported on Tuesday (Aug. 27).
Craig Hutzell, a spokesman for the Kentucky Electronic Crimes Task Force (part of the U.S. Secret Service), said the attacks on Schnuck's and retailers in Kentucky and Indiana share a number of characteristics. The malware used in the attacks and the methods of entry all trace back to a single hacker using an overseas IP address. "It's the same [modus operandi], and the malware matches what we had here in our breach," Hutzell said.
Hutzell said four other retailers with recent security breaches also match the pattern, but would not name them, saying it wasn't clear whether all of those incidents had been made public.
However, recent incidents following a similar attack pattern include reported breaches at grocery chain Bashas, convenience store chain Mapco Express (NYSE:DK) and hardware chain Harbor Freight Tools, as well as a suspected breach at supermarket chain Raley's that the retailer has not acknowledged as successful.
Authorities have so far arrested three individuals who allegedly purchased card numbers stolen in the attacks in underground forums. Those "cashers" were apprehended by local police in Arizona and California, Hutzell said. The overseas cyberthieves remain at large, but Hutzell said cooperation with international law enforcement is expected to bring the case to a close soon.