This will probably leave you scratching your head. It seems Target knew about a suspicious situation leading up to the recent security breach, in which about 40 million payment card records were stolen, but decided not to act right away.
The company’s security software found potentially malicious activity, but it didn’t raise any red flags right away.
“With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different,” Target spokeswoman Molly Snyder said in a statement.
The nation’s No. 3 retailer admitted this failure only after Bloomberg Businessweek reported recently that “Target’s security team in Bangalore had received alerts from a FireEye Inc security system on November 30 after the attack was launched and sent them to Target headquarters in Minneapolis,” reports Reuters.
In February, Target Chief Financial Officer John Mulligan informed a congressional committee that the company didn’t begin investigating until December 12, after the U.S. Justice Department alerted the company about suspicious activity involving payment cards. Mulligan said that within three days, nearly all the malicious software had been deleted from Target’s cash registers.
According to FireEye, malicious software appeared in the system, and it labeled the threat with the generic tag “malware.binary.” Two security experts say, however, that security personnel probably didn’t pay much attention to the generic alerts because of the lack of detail from FireEye. Typically, security teams get hundreds of generic alerts each day.
“They are bombarded with alerts. They get so many that they just don’t respond to everything,” Shane Shook, an executive with Cylance Inc., told Reuters. “It is completely understandable how this happened.”
Wherever the blame for the delay lies, Target could soon be bombarded with dozens of potential class-action lawsuits and action from banks seeking reimbursement for the millions lost due to fraud and the cost of card replacements.