US retailers agree to share cyber threat data

US retailers are planning to form an industry group for collecting and sharing intelligence about cyber security threats in a bid to prevent future attacks in the wake of last year's big attack on Target US.

The National Retail Federation said it will establish an Information Sharing and Analysis Centre, or ISAC, for the retail industry in June.

ISACs are industry groups that typically run security operations centers that operate around the clock, providing alerts about emerging threats to their members and sharing information provided by law enforcement and other government agencies.

They are set up under terms of a 1998 US presidential directive to foster sharing of security information between the public and private sector.

There are more than a dozen such organisations among industries including financial services, emergency services, healthcare, technology companies, public transportation and utilities.

The financial services industry ISAC, which is widely considered the most successful group of its type, will help retailers set up the new organisation.

Retailers have been under pressure from Congress and consumers to bolster security since the attack on Target, which resulted in the theft of some 40 million payment card numbers and another 70 million customer records.

After the breach was uncovered late last year, retailers privately complained of difficulty obtaining information from law enforcement about what had happened and how to thwart follow-on attacks.

In January, the Department of Homeland Security produced a report titled "Indicators for Network Defenders" that contained information about its secret investigation into the Target breach.

It was released through the Financial Services ISAC and other routes, but some retailers had trouble obtaining it because the industry lacked an established group for sharing information on cyber threats.

The new ISAC will also allow retailers to share tips on fighting hackers, which the industry hopes might prevent future attacks and make consumer data more secure.