Target Got Warnings About Hack—and Ignored Them

It even turned off program to delete malware, says Businessweek
By John Johnson,  Newser Staff
Posted Mar 13, 2014 1:39 PM CDT

(Newser) – If only Target had top-notch security software in place to prevent last year's disastrous hack. Oh wait, it did. In fact, a report by Businessweek/Bloomberg says the software was essentially screaming that something was amiss well in advance of any actual theft of customers' credit card data. Target had plenty of time to react—but did nothing. The $1.6 million software program from security firm FireEye detected the installation of malware on Nov. 30 and multiple times afterward, before hackers started stealing data, but the urgent alerts went unheeded.

story continues below

Why didn't the software kill the malware on its own?

  • "The system has an option to automatically delete malware as it's detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off," says the story, which follows a two-month investigation. "It's possible that FireEye was still viewed with some skepticism by its minders at the time of the hack ..."
The story points to "inaction on the part of Target and a clear effort by FireEye to shore up its reputation," writes blogger John Biggs at TechCrunch. "If Target couldn’t be bothered to delete the malware, this piece suggests it’s not FireEye’s fault." Click for the full story, which, as Mashable points out, speculates that the mastermind of the Target hack might be a 22-year-old Ukrainian. (Read more Target stories.)

We use cookies. By Clicking "OK" or any content on this site, you agree to allow cookies to be placed. Read more in our privacy policy.
Get the news faster.
Tap to install our app.