On Friday, August 22 the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far as back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting an organization’s administrator accounts. The advisory strongly encourages businesses to take immediate action and contact their IT personnel, PoS and antivirus vendors as well as other service providers to assess whether their systems have been compromised by the malware.
To contact DHS with questions regarding the malware, businesses may send an e-mail to NCCIC@hq.dhs.gov or call (888) 282-0870.