Retailers prime targets for data theft