Eric Thayer / Reuters

The malware used to hack into Target’s credit card system may have been written by a 17-year old Russian teen, although investigators don’t think the programmer was involved in the actual security breach that may have also affected high-end retailer Neiman Marcus.

Los Angeles-based software intelligence company IntelCrawler reports the data breach was caused by an “off-the-shelf” malware called BlackPOS, and that the teenager who originally invented BlackPOS likely was not the perpetrator in the theft. The findings come from a joint investigation conducted by the U.S. Secret Service and iSIGHT Partners, a cyber intelligence group. Credit card and other personal information for 70 million customers was compromised in the Target hack, though it’s unclear if the same malware was to blame for a smaller-scale attack on Neiman Marcus.

IntelCrawler CEO Andrew Komarov posed as a cybercriminal and chatted with the teen, and said the hacker told him he would sell him the malware for $2,000 or 50 percent of all intercepted credit cards.