According to a report from Bloomberg Businessweek, Target was informed that many of its consumer’s credit cards had been breached and did nothing to stop the violation for 12 days before the company decided to act on the information. The retailer had even hired a security firm called FireEye to observe their servers for malicious software. FireEye’s response team contacted the Target headquarters in Minneapolis, Minnesota, on November 30 but unfortunately Target did not respond to the alarm.
The document describes in detail, mentioning that FireEye (which was created by the CIA) had copycat servers that fooled the hackers into believing they were corrupting running servers. Instead, the hackers were trapped in a sandboxed environment while the security team watched.
Josh Tyrangiel, editor for Bloomberg Businessweek, stated that Target employed a team of people in Bangalore to monitor the security system. He added that when the staff noticed an alert from FireEye and reported it, there was no reply to their numerous efforts in trying to contact the company.
Two people who inspected FireEye’s performance after the security breach discovered that Target turned off the function needed to automatically remove malware as it is detected. It seems that simply agreeing to delete the malicious software was too much to ask from Target, and because of this their customers paid the price.
Bloomberg’s piece also noted that it was not until the U.S. Department of Justice alerted Target about the breach in mid-December that the company went back to investigate the infringement. In addition, FireEye repeatedly alerted the retailer on November 30 and on December 2, which was before the hackers had begun removing the stolen credit card information off of Target’s computer network.
Target spokeswoman Molly Snyder said that with their investigation, the company learned that after the hackers entered their network, a minute amount of their activity was logged and brought to their attention. Based on Target’s assessment of the activity, the team decided that immediate response was not necessary.
Due to Target’s failed response to FireEye’s repeated warnings, 110 million customers were affected. And for almost two weeks, the company did nothing to stop the credit card breach.
The response from Target consumers has been far from positive. During the holiday season, sales had dropped 46 percent from the previous year. It is evident that the retailer will be paying much closer attention to their security systems if it wants to stay in business.
Target reported that between November 27 and December 15, 40 million credit and debit card accounts had been breached. The corporation also stated that the hackers stole personal data including phone numbers, names, mailing addresses and email accounts from as many as 70 million people.
Beth Jacob, Target’s chief information officer, has resigned as of last week because of the breach. The company stated that it was working on restructuring many of its security and technology divisions to prevent any future violations from occurring.
Target is implementing a $100 million plan to start producing credit card technology that is chip-based, which professionals say is much more secure than the magnetic stripe credit cards.
Regardless of the new technology, the fact is that Target did nothing to stop the credit card breach until it was too late. Hopefully, other companies will learn from their mistake.
By Amy Nelson