According to a Reuters news service story posted online early Sunday, Target and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year,.
The Reuters story and other cybersecurity websites are citing sources familiar with attacks on other merchants that have yet to be publicly disclosed.
At least three other well-known U.S. retailers were hit with smaller breaches than the massive one that hit Target, using similar techniques, the Reuters story said.
No group has yet claimed responsibility for the attacks and the Reuters story cited unnamed law enforcement sources as saying they suspect the ring leaders of the attacks are from eastern Europe, which is where most big cyber crimes have originated in the past few years.
On Saturday, Neiman Marcus publicly confirmed it had been attacked in late December and that personal data attached to credit cards had been stolen from customers who shopped at some of their 40 locations nationwide.
On Friday, Target revealed that up to 110 million shoppers' data may have been breached in the attack that it first disclosed on Dec. 19, when it set up a dedicated customer service line to handle inquires about the attack and began offering free credit monitoring services to affected customers.
Many states have laws that require companies to contact customers when certain personal information is compromised, but those laws usually require the credit card issuer to contact affected customers.