Is your payment information safe? It’s hard to know, considering many companies hit by the same cyberattack that hit Target don’t even know it. According to a New York Times report published Friday, more than 1,000 businesses, including Supervalu and United Postal Service (UPS), were caught up in a breach affecting in-store cash register systems. The Department of Homeland Security issued an advisory that said millions of American payment cards have been affected by the hack.

More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday. The attacks were much more pervasive than previously reported, the advisory said, and hackers were pilfering the data of millions of payment cards from American consumers without companies knowing about it. The breadth of the breaches, once considered limited to a handful of businesses, underscored the vulnerability of payment systems widely used by retail stores across the country. On July 31, Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry, warned companies to checktheir in-store cash register systems for a malware package that security experts called Backoff after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by antivirus products.