|by Elizabeth Weise, USATODAY|
The credit card information was first offered up for sale Tuesday on an underground site that traffics in stolen financial information, security author
The breach could have begun in late April or early May of this year, Krebs reported.
If that is true, this incident could dwarf the Target breach, in which credit and debit accounts were compromised over a three-week period.
"This latest batch of cards is for sale from the same underground store that sold cards from
The data put up for sale was labeled "American Sanctions."
Krebs called the naming "what can only be interpreted as intended retribution for U.S. and European sanctions against
Stolen information from cards issued by European banks that were used in
The data for sale includes information that would have come from the magnet strip on the back of credit and debit cards, said Ford. Based on that, "there is probably malicious software on the point of sale registers in the stores," he said.
Credit card security breaches can cause companies significant losses.Target is still recovering from a massive data breach it suffered last holiday season in which the personal information and card data of up to 130 million customers was compromised.
In its latest earnings announcement last month, Target cut its annual profit outlook in part due to costs related to the breach. So far the breach has cost the retailer
The malware was first detected in October of 2013 and was not recognized by antivirus software programs until last month, Homeland Security said.
While it is not known if
The real trouble is not the companies but the credit card companies and banks that aren't introducing stronger security, she said.
"They could simply encrypt the information right at the terminal. That would stop most of these attacks," she said.
The next step is to begin using credit cards that include computer chips and require the use of a PIN, as is common in
"Similar attacks on merchants will likely continue until we remove the magnetic stripe from being the primary mechanism of data transfer in card-present transactions," said