Target this week acknowledged that it probably could have done more to prevent a hack that impacted up to 70 million shoppers.
“With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different,” a Target spokeswoman said in a statement.
News of the Target breach emerged in December and impacted those who used credit or debit cards in U.S. Target stores between Nov. 27 to Dec. 15. The retailer said the breach affected 40 million credit and debit card numbers, as well as the personal information of up to 70 million individuals.
The hack is in the news again this week after a Bloomberg BusinessWeek article said that Target ignored warnings about a possible intrusion. The report says Target used a malware detection tool from FireEye, and that the product picked up on sketchy behavior in late November. Target was notified “and then … nothing happened,” according to BusinessWeek.
In speaking with former Target employees who know the company’s security system, they discussed “an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes,” the magazine reported.
In a blog post, FireEye said it is company policy “to not publically identify our customers and, as such, we cannot validate or comment on the report’s claims that Target” is a customer.
In a statement today, the Target spokeswoman admitted that Target “learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up.”
“Our investigation is ongoing and we are committed to making further investments in our people, processes and technology with the goal of reinforcing security for our guests,” Target concluded.
Source: PC Magazine