Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


ChewBacca malware targets smaller retailers in 11 countries

Program compromised up to 49,000 payment cards

More frequently associated with space-faring Wookiees, the name ChewBacca has recently entered the lexicon of cybersecurity as the moniker of a malicious software suite.  And while the fight against that online menace may involve fewer lasers, for retailers it’s still pretty hairy.

According to RSA FirstWatch, a ring of cyber thieves used the program to attack smaller retailers in 11 countries, successfully stealing information from roughly 49,000 credit and debit cards. The software has been in use since late October of 2013, infecting point-of-sale systems to collect details about the payment cards run through them. In that time around 24 million transactions were logged by the software.

While malware targeting customer data can be relatively sophisticated, RSA says that the virus was basic in its execution. “The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months,” the RSA Blog says.

ChewBacca did not threaten larger retailers, but the threat of personal information theft is a growing concern for consumers in the wake of similar incidents at Target and Neiman Marcus stores. The incident underscores not only the relative ease with which cybercriminals can steal information, but also the loathsome state of security guidelines that prevent them from doing so.

While the Federal Trade Commission has stepped up recently in attempt to hold organizations accountable to negligent security standards, it does so on a case-by-case basis. Retailers and other organizations still have few guidelines to proactively protect customer info.

RSA has assisted the Federal Bureau of Investigation in stopping the attacks, and has alerted the parties of potentially compromised payment cards.


For more on cybersecurity check out these stories:

Cyber breach insurance: What, me worry?

Big retailers want more regulation in the wake of breaches

Target facing multiple suits, investigations after massive data breach

Executive Editor

author image

Chris DiMarco

Chris DiMarco, Executive Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.