The cyber security firm IntelCrawler said on Friday it has uncovered at least six ongoing attacks at merchants across the United States whose credit card processing systems are infected with the same type of malicious software used to steal data from some 40 million credit cards at Target Inc.
Andrew Komarov, the firm's chief executive, told Reuters that his firm has alerted law enforcement, Visa Inc and intelligence teams at several large banks about the findings.
The report from IntelCrawler is the latest evidence to suggest that disclosures from Target and upscale department store Neiman Marcus about cyber attacks that resulted in the theft of payment cards and other customer data may only be the tip of the iceberg.
Komarov said retailers in California and New York were among those compromised with BlackPOS, the same malicious software used in the attack on Target. Their names could not immediately be confirmed.
A Visa spokeswoman said she could not immediately comment.