Bloomberg Business Week published an eye-opening report today outlining how Target had the opportunity to halt a malicious attack that impacted 70 million customers but instead turned a blind eye.
According to the report, the malware – which scooped up 40 million credit card numbers – was installed just days before Thanksgiving 2013. However, six months prior, Target had enlisted the help of California-based security firm FireEye, which installed a malware detection tool on its computer systems. So when the hackers began to set their plan in motion in late November, FireEye’s monitoring team picked up on the suspicious activity and immediately alerted Target’s headquarters in Minneapolis.
The company’s response? There wasn’t one.
In fact, the report alleges if Target had reacted when notified on Nov. 30, and again on Dec. 2, it could have stopped any and all of the stolen data from leaving the system. The FireEye detection software even contains a function where malware is automatically scrubbed from servers, but the Target security team had disabled the feature. The malware was so typical that even Target’s normal antivirus software picked it up.
But Target still didn’t act until Dec. 15, three days after federal law enforcement contacted the company.
Read more of the Bloomberg investigation here.