During the heat of the 2013 holiday season, retailer Target lost the payment data, addresses, phone numbers, and names of some 70 million customers. As it turns out, the massive data breach could have been prevented had Target taken more proactive steps to combat it, according to a detailed five-page report by Bloomberg Businessweek.
Here’s what happened: Someone installed malware in Target’s security and payments system. Every time a customer scanned a credit card, the card data was sent to a special server, owned by Target, that the hackers controlled.
Shortly before falling prey to the hack, Target began employing new network monitoring tools, working in concert with FireEye, a firm that specializes in Internet security. A Computerworld report claims that security specialists based in India spotted warning signs prior to the breach and reported their findings to Target’s headquarters in Minnesota.
On November 30, FireEye sent alerts to Target reporting that malware named “malware.binary” was present on the retailer’s networks, and it figured out which servers the hackers had taken over. As instances of the malware increased, additional alerts were sent. Each notification carried the highest severity rating on FireEye’s threat scale. But Target reportedly did not respond to these alerts.
Because the network monitoring tools used by Target had not been fully tested and configured at the time, an option that would have allowed the security system to automatically terminate the threat was not enabled. Had it been active, the security system could have dealt with the entire threat essentially on autopilot. The team in charge of Target’s security ignored the warnings.
Molly Snyder, a Target spokeswoman, says the retailer initially investigated signs of the hacks, but failed to act on any of the warning signs they found early on: “Based on their interpretation and evaluation of that activity, the [Target security] team determined that it did not warrant immediate follow up,” she said. “With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different.”
A U.S. Congressional investigation into the matter is ongoing.