A 17-year-old Russian national is responsible for developing the malware that stole credit card information from hundreds of millions of Target and Neiman Marcus shoppers, according to security firm IntelCrawler.
The 17-year-old, whose name was not disclosed, sold the malware "Black POS" to cybercriminals throughout Eastern Europe under the username “ree4.”
IntelCrawler CEO Andrew Komarov said the teen did not plan the hack which stole the private data of 110 million Target shoppers last Christmas, but he did benefit from selling the program to identity thieves for $2,000 per download.
BlackPOS has been download at least 60 times since it was created, said Komarov.
IntelCrawler reported the information to U.S. authorities and Visa.
The National Retail Federation has said that the breaches never would have occurred if U.S. credit-card issuers used the newer “chip-and-PIN” method, already in use throughout Europe.
American Express, Discover, MasterCard and Visa plan to make U.S. retailer accept chip-and-PIN cards by October 2015, Tom’s Guide reported.