Target Aware of Security Breach Before it Happened

Target acknowledged on Thursday that it was aware of a potential security breach weeks before it actually happened. The company’s security team received multiple notifications of signs of foul play ahead of what became one of the largest and most successful data breaches to date. The company decided to make a judgement call and ignore the seemingly vital information.

The retail giant had been utilizing a malware detection tool that was designed by FireEye, a security firm based out of California. Bloomberg Businessweek reported that the specialists monitoring Target’s computer logs reached out to their main offices in Minneapolis on November 30. They also found more alerts on December 2, which was a warning sign for the breach that Target confirmed on December 19.

The timing could not have been worse for the retailer, coming at the height of the holiday shopping season. Some 40 million of its customers had their credit and debit card information compromised. Weeks after that, Target revealed that up to 70 million customers had additional personal information stolen, such as addresses, emails, and telephone numbers.

Molly Snyder, a spokesperson for Target, admits that hindsight reveals the company’s missteps. “We are investigating whether, if different judgements had been made, the outcome may have been different,” she said in a statement. Snyder said that, as at any other large company, discrepancies come up and are logged by the team. “Based on the interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow-up,” said Snyder.

Bloomberg first reported that Target was aware of the security breach before it happened, and that the hackers infiltrated its system through custom code on November 30. FireEye picked up the breach, along with information about where the data would be stored once it was stolen. However, the system did not automatically delete the malware, as it is designed to do, because Target’s security team had turned off the feature.

Gregg Steinhafel, Target’s Chief Executive, does not want to point fingers until all of the information has been gathered; the company does not wish to speculate “without the benefit of the final analysis,” Steinhafel wrote in a statement to Bloomberg. However, he did note that Target’s employees, technology and operations are currently being evaluated after the breach.

Once the company went public with news of the breach, sales for the retailer took a large hit and have yet to recover. Shares of Target took a dip but have almost fully recovered. The company has spent $61 million in relation to the data breach, and that number is expected to keep growing as Target continues to take corrective action.

Target is not the only retailer that has been affected by a major security breach; several other major retailers have come forward with similar accounts. Both Neiman Marcus and craft store Michaels are believed to have been struck by the same hackers that infiltrated Target. Credit card companies are calling for better security practices, and Congress is investigating a way to protect retailers from the seemingly invincible hackers in the future.

After it came to light that Target was aware of the security breach before it happened, Steinhafel said the company has “already taken significant steps” in overhauling its security practices. Just last week, Target saw its first high-level resignation since the breach, when its senior technology executive left the company.

By Nathan Rohenkohl

Sources:

NY Times
Digital Journal
Bloomberg Businessweek

2 Responses to "Target Aware of Security Breach Before it Happened"

  1. ulfmattsson   March 15, 2014 at 9:07 am

    Some people think that it was likely that the security team received a large volume of such alerts on a daily basis, which would have made it tough to have singled out that threat as being particularly malicious.

    This type of situation is very common in the industry. They just haven’t been hit yet.

    The latest published Data Breach Investigations Report from Verizon reported that most breaches were detected by external parties with whom the victim has no business relationship specific to detection services. Common examples are ISPs and intelligence organizations that track threat actors and, when appropriate, inform potential victims of suspicious activity.

    Only 13% of breaches were detected by internal means. There is a lack of effective means of detecting a breach internally. This involves a regular employee who, in the course of their daily responsibilities, notices something strange. Other means (like Log reviews, IT audit, Network Intrusion Detection Systems and Fraud detection) only detected 5% of the breaches.

    This tells me that we need to proactively secure sensitive data itself and not rely on monitoring systems to catch an attacker.

    Chip and pin cards will not help against most modern attacks. Attackers just move to the next point in the data flow to steal your identity data.

    I read about retailers that are using best practices in an interesting report from the Aberdeen Group. The report revealed that “Over 12 months, data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure) than tokenization non-users”.

    I think that the Aberdeen approach can quickly address some of the urgent issues. The name of the study is “Tokenization Gets Traction”.

    I also read “Tokenization – Why, What, How and Who” in Money2020 that Tokenization has been a hot topic lately. In a tokenization scheme, even if a hacker has access to several data pairs, the tokenization algorithms should be complex enough so that it cannot be breached.

    Ulf Mattsson, CTO Protegrity

  2. whatever   March 14, 2014 at 4:21 pm

    Lots of typos… It’s “judgment”, not “judgement”. And “data”, not “date”.
