Target Missed Early Warning Signs of Holiday Data Breach
March 13, 2014 1:45 PM
comment(s) - last by
It received notifications of suspicious activity on November 30
Target's massive data breach over the holiday season last year could've been stopped earlier had the company's officials responded to warnings.
, Target officials received warnings of suspicious malware on November 30, 2013, indicating a possible data breach. However, they moved too slowly in responding to these warnings, leading to millions of customer credit/debit cards and personal information being stolen.
Target possesses a malware detection tool made by FireEye Inc., which is ran by security specialists in Bangalore, India. These specialists monitor Target's digital activity, and on November 30, they sent notifications to Target officials in Minneapolis about the malware.
The specialists in India sent additional warnings on December 2 as additional malware surfaced. FireEye's security system has the ability to automatically delete such malware, but Target’s security team turned off the feature. This means the malware had to be deleted manually, but the Target officials in Minneapolis failed to do so right away.
Had they done so, the massive breach could have been stopped much sooner, sparing many millions of customers.
The breach ended up running from November 27 to December 18, where 40 million credit and debit card records were stolen and another 70 million records with customer information like addresses and telephone numbers were taken.
Last week, Target's Chief Information Officer Beth Jacob resigned in the wake of the data breach. Jacob held the CIO position since 2008, where she was in charge of Target's website, internal computer systems, and everything in between.
When the data breach happened last year, a lot of the blame likely fell on Jacob's shoulders, which could be the reason for her resignation.
Since the breach, Target has been working to make fixes to ensure that it won't happen again. One of these fixes is
a call for smartcards
, which could replace current credit and debit cards.
Smartcards, unlike current credit and debit cards used in the U.S., have a tiny microprocessor chip that encrypts the user's personal data shared with the merchant's sales terminals. Traditional credit and debit cards have a magnetic strip instead, which hold's the user's information, but can clearly be compromised. If a smartcard number is stolen, it's useless without the microchip.
To show Target's dedication to the smartcard cause, it's speeding up its goal of bringing its REDcard smartcards to all Target stores by early 2015 -- six months earlier than its previous goal. The chain is making a $100 million investment in the technology to accomplish this goal.
In addition to smartcards, Target is changing technology and security roles within the company, such as separating the responsibility for assurance risk and compliance (compliance duties at Target were overseen by Target's current vice president of assurance risk and compliance).
This article is over a month old, voting and posting comments is disabled
RE: Better Idea
3/13/2014 2:32:06 PM
You don't understand PR and politics do you? It's not about what's practical. It's about what sounds sexy in the media. SmartCards sound sexy. The media doesn't want to hear boring complicated stuff like "securing B2B EDI transactions and expanding our information security policy to cover business associates."
SmartCards wouldn't have protected Target from the breach, it would have just made the customer data more difficult to obtain.
"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Target Calls to Replace Credit, Debit Cards with Smartcards After Security Breach
February 4, 2014, 3:09 PM
Apple Adds New Password Protection for Third Party iCloud Apps
September 17, 2014, 8:50 PM
Facebook Tests Moments App, Aims to Keep Your Private Memories Private
September 17, 2014, 5:46 PM
Russian Hackers Compile List of 10+ Million Stolen Gmail, Yandex, Mailru
September 11, 2014, 11:41 AM
House Minority Leader Pelosi Criticizes FCC's "Fast-Lane" Net Neutrality Plan
September 9, 2014, 4:15 PM
Smarter Than Siri? Cortana Adds Game NFL Game Winner Prediction
September 3, 2014, 4:12 PM
Apple Says Nude Celebrity Photo Dump Wasn’t Result of iCloud, Find My iPhone Breach
September 2, 2014, 3:26 PM
Most Popular Articles
HTC Preps Nexus 9 With Nvidia K1 64-Bit "Denver" SoC, Android L Onboard
September 10, 2014, 10:21 PM
Apple iPhone 6, iPhone 6 Plus Reviews Roll In
September 16, 2014, 9:13 PM
Big Media: If You Want Privacy, You're Probably a Pirate
September 18, 2014, 2:57 PM
Apple Cripples NFC in iPhone 6, 6+ With Developer Ban
September 17, 2014, 1:00 PM
"Decepticon" Driver Triumphs Over Cops in Massachusetts Court
September 5, 2014, 12:07 PM
Latest Blog Posts
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information