Target Black Friday 2013:  The malware that allowed Neiman Marcus and Target Black Friday data breaches came from a 17-year-old Russian national.

According to MarketWatch, the creator of the malicious software was identified by California Internet security firm Intelcrawler. The name the creator of the malicious software has not yet been published.

According to the blog on Intelcrawler, a St. Petersburg, Russia, teenager wrote the programming code that enabled the breach at Target and Neiman Marcus in late December.

The Russian teenager allegedly sold the malware, which is called BlackPOS to cybercriminals in eastern Europe. The Target Black Friday cybercriminals have not been identified. Andrew Komarov, the CEO of Intelcrawler said the software let the cybercriminals remotely hack into Target and Neiman Marcus' electronic cash registers and steal shoppers' personal information.

According to Komarov, the malware was downloaded about 60 times. Other retailers besides Target and Neiman Marcus were also hacked or might be at risk of being hacked in the future.

Neiman Marcus has not said how many customers were affected by its breach. Security experts put the figure at about least 1 million shoppers.

A Nilson report said that the U.S. accounted for about 23 percent of global credit card sales and 47 percent of fraud losses in 2012. The Nilson Report newsletter said, "The U.S. is the only region where counterfeit credit fraud continues to grow consistently."

According to Paul Clampitt, CEO of Institution Solutions in Richardson, more than 1 billion cards would have to be reissued, and 8 million merchants would have to upgrade point-of-sale devices.

Target announced that the Black Friday data breach of 2013 could reach up to 100 million records, putting the Target Black Friday breach in the same category of massive hack attacks against Adobe and Sony. The Target Black Friday breach was caused by malware on store point-of-sale systems.

Consumer watchdogs urge customers who shopped at Target during the Black Friday time period to check their credit card statements. Custoners should change their PIN in the aftermath of the massive breach that happened at Target Stores on Black Friday.

Target originally announced that cybercriminals stole 40,000,000 payment card records. They said "As part of Target's ongoing forensic investigation, it has been determined that certain guest information - separate from the payment card data previously disclosed - was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals sucked up by cybercriminals."

Target promised that "Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped our U.S stores. Guests will have three months to enroll in the program. Additional details will be shared next week."

Target Black Friday stolen data included names, numbers, expiration dates and data taken from the magnetic strip when credit or debit cards are swiped.  The Target Black Friday hackers may be able to reproduce credit and debit cards and use them to withdraw cash from ATMs.

Target said some customers have been unable to use its gift cards because they weren't fully activated.

Target has been working to retain customers' loyalty. Target says its encryption system would not give the Black Friday hackers access to the encryption key. Target says only the external payment processor can access that kind of information

At the time, a Target spokesperson said "While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."