But that’s just in the USA.
IBM’s survey said that there had been a 50 percent decline in attacks on retail web sites in 2014.
The report said that even though the number of cyber attacks had fallen, the attacks have become much more sophisticated.
IBM’s security services analyse over 20 billion security incidents every day – presumably worldwide.
The attackers are developing sophisticated techniques to grab “massive amounts” of data with each attack.
“The threat from organised cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager of IBM Security Services.
IBM suggested that not all cyber breaches are disclosed.
Big Blue said the primary way cyber gangs gained access was through a method called Secure Shell Brute Force, which now outweighs malicious code.
There has been a rise in attacks however in point of sale systems using malware, but most were through command injection or SQL injection.
IBM said lack of data validation in SQL databases by system administrators made retail databases a favourite spot to attack.