The Target data heist, which ran from Thanksgiving weekend until the second week in December, is now up to over 110 million customer records. More and more is being revealed about the heist, now being called the biggest retail data heist of all time.
It’s been reported that the malware gained access to all of Target’s Point of Sale (POS) terminals and offloaded customer data to a separate server, within Target’s network, the minute a customer swiped their card.
It’s believed that customers’ payment information, address and personal information, along with email addresses, may have all been taken during the heist. Customers’ personal identification numbers, used to perform debit transactions and at ATMs, were also compromised; however, that data may still be protected by encryption.
Many tech and security websites reported last week that once the data was offloaded after a swipe and moved to another server, it was then moved again to a server in Russia. However, it’s also been widely noted that this doesn’t mean the culprits are actually based in Russia.
Several trusted news sites, including marketwatch.com, have reported that the entire operation may have begun with modified malware created by a 17-year-old Russian hacker. The boy, Sergey Taraspov, is a well-known hacker and malware programmer in the underground world.
Taraspov’s BlackPOS malware is inexpensive, off-the-shelf malware that is believed to be behind the attack on Target and another on high-end retailer Neiman Marcus.
“He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” said Dan Clements, the president of IntelCrawler, a Los Angeles-based security firm, reports marketwatch.com.
There is no word on whether Taraspov is cooperating with authorities or the culprits. The US Secret Service is heading up the multi-agency investigation.
Target is being, for the most part, tight-lipped, only sharing information that they absolutely have to. Customers with fraudulent charges on their cards will not be responsible for those charges. The weekend after the story broke, and before Christmas, Target tried to appease customers by offering all customers 10% off their entire order the entire weekend long. However, many analysts felt that the 10% off was hardly enough.