It's kind of like playing the game whack a mole!
First, it was Target. The "security breach" that compromised the confidential information of millions of Americans.
Then, we learned about Neiman Marcus. The high end retailer disclosed it too had been hacked. We're still waiting for word on how many people are affected.
And now - a report from the cyber watch group IntelCrawler suggests at least six more retailers have yet to tell customers they've been breached as well with the same malware - attacking their online credit card processing.
So, the question now - where should we look to next?
According to IntelCrawler, the source of the malicious software can all be traced back to one place.
A hacker, close to 17 years old, in Russia.
The report claims the very first sample of the malware was created in March of 2013 hitting stores in Australia, Canada, and the United States.
Legally, the burden is on retailers to protect customer information.
But from what we know now this could be the tip of the iceberg.
Experts say the teen who made the malware that started this whole mess shared it with other hackers.