Government warns U.S. retailers about hacking software

photo Customers exit a Shop' Save grocery store in Mount Lebanon, Pa., in this 2012, file photo. Supervalu said Aug. 15, 2014, that a potential data breach may have impacted about 200 of its stores and reached stores it sold off last year.

WASHINGTON - More than 1,000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department said Friday.

The government urged businesses of all sizes to scan their point-of-sale systems for software known as "Backoff," discovered last October. It previously explained in detail how the software operates and how retailers could find and remove it.

Earlier this month, United Parcel Service said it found infected computers in 51 stores. UPS said it was not aware of any fraud that resulted from the infection but said hackers may have taken customers' names, addresses, email addresses and payment card information.

The company apologized to customers and offered free identity protection and credit monitoring services to those who had shopped in those 51 stores.

Backoff was discovered in October, but according to the Homeland Security Department the software wasn't flagged by antivirus programs until this month.

The news was the latest development in an ongoing battle between retailers and hackers.

Retail giant Target, based in Minneapolis, was targeted by hackers last year and disclosed in December that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. On Jan. 10, it said hackers stole personal information - including names, phone numbers and email and mailing addresses - from as many as 70 million customers.

Target, the third-largest retailer, has been overhauling its security department and systems in the wake of the pre-Christmas data breach, which hurt profits, sales and its reputation among shoppers worried about the security of their personal data. Target is now accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

So-called chip and pin technology would allow for more secure transactions than the magnetic strip cards that most Americans use now. The technology has already been adopted in Europe and elsewhere.

On Wednesday, Target announced that its second-quarter earnings dropped 61.7 percent as it still reels from the cost of the breach as well as a botched Canadian expansion and sluggish sales.

The Backoff program itself is not unique. Like other malware designed to steal financial information from retail customers, the software gains access to companies' computers through insufficiently protected remote access points and duping computers users to download malware. But its wide deployment by hackers and its repeated updates over the last six months make it a serious threat for consumers and business.

Upcoming Events