Target acknowledged on Thursday that it was aware of a potential security breach weeks before it actually happened. The company’s security team received multiple notifications of signs of foul play, resulting in one of the largest and most successful data breaches to date. The company deeded to make a judgement call and ignore the seemingly vital information.
The retail giant had been utilizing a malware detection tool that was designed by FireEye, a security firm based out of California. Bloomberg Businessweek reported that the specialists monitoring Target’s computer logs reached out to their main offices in Minneapolis on November 30. They also found more alerts on December 2, which was a warning sign for the breach that Target confirmed on December 19.
The timing for the retailer could not have come at a worse time during the height of the holiday shopping season. Some 40 million of its customers had their credit and debit card information compromised. Weeks after that, Target revealed that up to 70 million customers had additional personal information stolen, such as addresses, emails, and telephone numbers.
Molly Snyder, a spokesperson for Target, admits that hindsight reveals the company’s missteps. “We are investigating whether, if different judgements had been made, the outcome may have been different,” she said in a statement. Snyder urged that like any other large company, discrepancies come up and are logged by their time. “Based on the interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow-up,” said Snyder.
Bloomberg first reported that Target was aware of the security breach before it happened, and the hackers infiltrated their system through a custom code on November 30. FireEye picked up the breach, along with information about where the date would be stored once it was stolen. However, instead of automatically deleting such malware, as the system is designed to do, Target’s security team turned off the feature.
Gregg Steinhafel, Target’s Chief Executive, does not want to point fingers until all of the information has been gathered, saying that the company does not wish to speculate “without the benefit of the final analysis,” Steinhafel wrote in a statement to Bloomberg. However, he did note that Target’s employees, technology and operations are currently being evaluated after the breach.
Once the company went public with news of the breach, sales for the retailer took a large hit and it has yet to recover. Shares of Target took a dip but have almost fully recovered. The company has poured $61 million in relation to the data breach, and that number is expected to keep growing as Target continues to take corrective action.
Target is not the only retailer that has been affected by a major security breach; several other major retailers have come forward with similar accounts. Both Neiman Marcus and craft store Michael’s are believed to have been struck by the same hackers that infiltrated Target. Credit card companies are calling for better security practices, and Congress is investigating a way to protect retailers from the seemingly invincible hackers in the future.
After it came to light that Target was aware of the security breach before it happened, Steinhafel said the company has “already taken significant steps,” in overhauling its security practices. Just last week, Target saw its first high-level resignation since the breach, when their senior technology executive left the company.
By Nathan Rohenkohl