Report: Target aware of early warning signs before data breach

Author:
Updated:
Original:

Target Corp. admitted Thursday that its online security protection detected potentially malicious activity in connection with the massive company data breach last year, but staff ultimately decided not to take immediate action, Reuters reports.

The news service says Target made the disclosure after a Bloomberg Businessweek report Thursday about the discovery by the company's $1.6 million malware detection tool, FireEye. The Califonia-based company, whose clients include the CIA and the Pentagon, had a team of specialists in Bangalore, India, to monitor the Minneapolis-based retailer's computers around the clock, according to Bloomberg.

"On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route," Bloomberg said. "As they uploaded exfiltration malware to move stolen credit card numbers – first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia – FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then … nothing happened."

The company received another alert Dec. 3, the publication said.

"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," Target spokeswoman Molly Snyder said in a statement Thursday.

A reported 40 million payment card records were stolen from Target along with 70 million other records, including customer information.

"Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network," Bloomberg said. "Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all."

Despite the outcome of the alert, a computer security expert told Reuters that it was "understandable" why Target didn't react to the alert since the company likely receives hundreds of threats per day.

"They are bombarded with alerts. They get so many that they just don't respond to everything," Cylance Inc. executive Shane Shook says. "It is completely understandable how this happened."

Black Hills Information Security owner John Strand also stood up for Target, saying it's easy to accuse the company of being incompetent given the severity of the breach.

"Target is a huge organization. They probably get hundreds of these alerts a day," Strand tells Reuters. "We can always look for someone to blame. Sometimes it just doesn't work that way."

Bloomberg says, however, because the FireEye system is so sophisticated, the number of alerts it puts out is small and the number of false-positives is small, one of the report's investigative journalists, Michael Riley, told Bloomberg TV.

Bloomberg said it had attempted to ask Target Chairman, President and Chief Executive Officer Gregg Steinhafel about why the company didn't immediately respond to the threat.

Steinhafel emailed Bloomberg a statement in return, which said in part: "Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience."

In the wake of the massive data breach, Target's chief information officer, Beth Jacob, resigned from the company earlier this month. The company also announced that it will overhaul its security management oversight team in response to the data breach.

The Associated Press says Jacob held the position since 2008 and oversaw teams in the U.S. and India.

Next Up

Hamilton

Hennepin Theatre Trust announces 2021-22 Broadway schedule

Health and safety protocols will be in place based on state guidance.

Tim Walz

Walz to hold press conference on MN State Capitol safety concerns

This comes amid ongoing threats to state Capitols across the country.

Screen Shot 2020-08-14 at 6.45.53 PM

Brooklyn Park standoff: Suspect kills himself, child taken hostage is safe

The standoff ended Thursday night when the suspect shot himself.

police tape, crime scene

Man dies in alley after report of shooting in Minneapolis

Police were sent to the scene by ShotSpotter activation.

image_50407937

COVID-19 shines a light on the struggles facing Minnesota's working mothers

Daycare and school closures have put working families under pressure, with mothers bearing the brunt.

Prada Purse2

Border patrol in Minneapolis intercepts shipment of 173 counterfeit designer bags

If they were authentic, they would have been worth about $405,975.

Minneapolis City Hall

Minneapolis councilors propose replacing police department, rent stabilization

Council members are also proposing two charter amendments to help renters in Minneapolis.

Vaccine COVID

MDH expands COVID guidance, urges providers to vaccinate the 65+

More vaccine guidance will be provided in the coming days.

Tom Brady

Coller: Which remaining teams should the Vikings emulate?

Matthew Coller writes a weekly Vikings column for BMTN, with more of his work found at Purple Insider.

Screen Shot 2019-04-16 at 3.33.57 PM

Serious crime was up 15% in St. Paul in 2020

“This was an incredibly hard year for all of us,” Police Chief Todd Axtell said, citing riots and the pandemic.

Related