Target Credit Card Breach: Retailer Failed to Act on Warnings
Target's massive credit breach could have been prevented, it turns out. The No. 3 U.S. retailer apparently received security warnings about the breach but ignored them, allowing the largest credit card heist to occur right under its nose.
"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," Target spokeswoman Molly Snyder said in a statement.
It wasn't until mid-December that Target acknowledged there had been a massive security breach (news of the breach was actually first reported by 41-year-old security blogger Brian Krebs), but red flags appeared as early as Nov. 30, a Bloomberg Businessweek report released Thursday reveals. Target's security team over in Bangalore noticed some suspicious activity and forwarded their concerns to Target's headquarters in Minneapolis. For whatever reason, Target dismissed the warnings, allowing over 100 million credit cards to be stolen.
What was happening on that Saturday will make any security expert cringe at the alternative scenario. The hackers had already collected the data they needed over the busy Thanksgiving shopping season, and all they needed to do was export the information. The suspicious activity logged on Nov. 30 was indeed just that -- the credit cards of over 100 million Americans being siphoned through various portals until they could be safely stored and sold on the black market. Another alert from FireEye, a computer security firm that developed Target's malware detection software, was filed Dec. 2. Had Target acted on the warnings, there's a chance the credit cards could have been saved.
"Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience," said Target chairman, president, and chief executive Gregg Steinhafel in an email statement.
"While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don't believe it's constructive to engage in speculation without the benefit of the final analysis."
Barring any hypothetical outcomes, Target has definitely felt the repercussions of the data breach. Consulting group Kantar Retail recently revealed that 33 percent of U.S. households shopped at Target in-store or online during January, a drop from the 43 percent that did in January 2013. The Kantar Retail data also reveals that visits to Target by Gen X shoppers between the ages of 39 and 49 and those who shop less frequently dropped during the first month of the year.
Security breaches such as the ones suffered by Target, Neiman Marcus, and Michaels have prompted increased government involvement in cybersecurity. The main issue of concern is that firms do not quickly and accurately disclose information concerning cybercrimes mostly due to fear of public backlash and lack of a proper framework for discussing cyberthreats.
"Businesses should be required to provide prompt notice to consumers in the wake of a breach. American consumers should know when they are at risk of identity theft or other harms because of a data security breach," Acting Assistant Attorney General Mythili Raman told the Senate Judiciary Committee hearing last month.
"Never has the need for legislation been greater," Federal Trade Commission Commissioner Edith Ramirez said. "With reports of data breaches on the rise, and with a significant number of Americans suffering from identity theft, Congress needs to act."
The White House released a 39-page Cybersecurity Framework plan in February aimed at giving firms a road map to follow in light of a cyberattack.