nb_cid nb_clickOther -tt-nb this.style.behavior='url(#default#homepage)';this.setHomePage('http://www.aol.com/?mtmhp=acm50ieupgradebanner_112313 network-banner-empty upgradeBanner
14
Search AOL Mail
AOL Mail
Video
Video
AOL Favorites
Favorites
Menu

Businessweek: Target didn't act on data breach alerts

Businessweek: Target Didn't Act On Data Breach Alerts

Target announced back in February the retail company was planning to install new anti-fraud technology in the wake of a massive data theft that affected tens of millions of customers. But Businessweek reported Thursday all of the trouble could've been avoided.

"Hackers began capturing credit card data Nov. 27. Three days later, a sophisticated security tool made by FireEye spotted the malware."

Target reportedly spent $1.6 million on FireEye, which is used by the Pentagon and the CIA, then hired security personnel in Bangalore, India to monitor the software.

Businessweek says the specialists sent the alert to Target's security operations center in Minnesota. Then, nothing. "Target stood by as 40 million credit card numbers-and 70 million addresses, phone numbers, and other pieces of personal information-gushed out of its mainframes."

Bloomberg Businessweek editor Josh Tyrangiel told CBS many have speculated that the software was too complicated or too new for Target to respond effectively, but added the paper's investigation also revealed something peculiar.

"Not only did it ignore its own alerts, there's an automated system within FireEye that could've detected and eradicated the malware, the bad software. That feature had been turned off on the system."

According to Mashable, the report contradicts what Target has previously said about the breach. "In a Congressional testimony, the company claims that it only learned of the attack in mid-December, after the U.S. Department of Justice caught it and contacted Target. However, Businessweek cites computer logs that show there were FireEye alerts from Nov. 30 and then Dec. 2, when a second attack occurred. "

Businessweek also reported on a similar misfortune with Neiman Marcus' data breach. The high-end retailer reportedly missed 60,000 security alerts after malware began stealing user information from their stores. (Via Flickr / rocor)

Gizmodo reported the hackers gave the malicious software a name similar to Neiman Marcus' official payment software "making it tough to distinguish suspicious activity from false positives." What's more: the system set to automatically block harmful software was also turned off.

CNET received a statement from Target regarding the Businessweek story. The statement reads in part, "With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different. Our investigation is ongoing and we are committed to making further investments in our people, processes and technology with the goal of reinforcing security for our guests."

Join the discussion

1000|Char. 1000  Char.
straight2spam March 15 2014 at 1:45 PM

This why I always pay CASH.

Flag Reply +1 rate up
atupek345 March 14 2014 at 2:23 PM

perhaps they should look into the folks back in India managing their security, pretty corrupt country.
Yeah keep outsourcing, you can't outsource trust! Wonder what the outsourcing savings are compared to the sales loss. If you are unable to find capable people here, usual excuse, but in reality they are too expensive, bring em here, if they do mess with you, they go to jail.

Flag Reply +2 rate up
Ray March 14 2014 at 1:23 PM

Target needs to get off of that "guests" lingo. The proper name should be "customers."
What's wrong with "Target Management"? Also, anything that costs money for retailers will not be taken advantage of. Target refuses to protect their customers or their guests.

Flag Reply +1 rate up
Jill March 14 2014 at 1:34 PM

I knew there was a reason why I NEVER shop at Target!

Flag Reply +1 rate up
evestar05 March 14 2014 at 1:42 PM

Oh what a tangled web we weave whan first we practice to decieve.

Flag Reply +1 rate up
kghearn March 14 2014 at 2:11 PM

The next news story I want to read about this is naming the person or persons who's job it was to respond to these alerts and that they have been unceremoniously fired. Don't tell us they'd been put on leave or given huge severance packages! This is a blatant case of folks not doing their job and these folks need to be outed and dumped!

Flag Reply +2 rate up
tuffy11 March 14 2014 at 2:17 PM

My credit info was stolen from Target.. I will never shop there again after learning of this stupid careless blunder of theirs. They played the victim card when all along they choose to not protct themselves from hacking. I hope there is some way to hold them accountable legally, and make them pay for the stress it caused so many customers.

Flag Reply +3 rate up
thetoolnut March 14 2014 at 2:31 PM

target is run by jokers ! hey treat their customers like garbage so why would you expect them to do anything that would help protect you ?

I personally have not shopped their in almost 15 years and no plans to do so in the future. most of my friends & family wont shop their anymore because of me so KABOOM !!! I hate target !

Flag Reply +3 rate up
John March 14 2014 at 2:32 PM

So the CEO fxxxxx up. But how can that be? They are paid millions because few people can do such a job.. Fire him and send him packing

Flag Reply +4 rate up
2 replies
davehenderson07 John March 14 2014 at 3:17 PM

Agreed

Flag Reply +2 rate up
jazzfan19605 John March 14 2014 at 4:49 PM

Yeah, fire him after he cashes out. Millions.

Flag Reply 0 rate up
grama4j7 March 14 2014 at 2:37 PM

Reason for this mess! ! MONEY MONEY MONEY! That is always the reason for corruption! TARGET
doesn't care about their customers as we can see....they are just afraid of losing a nickel to look into and admit to the hacking claim..........

Flag Reply +3 rate up
aol~~ 1209600

Voting...

More From Our Partners