News has surfaced that Target received warnings from it’s internal security system about last year’s massive data breach but failed to act on it.
Taking advantage of online Christmas shoppers, hackers were able to defeat Targets system, obtaining information from 40 million customer credit cards.
The hack remains one the biggest to date and if Target is found guilty of ignoring security warnings they could face huge consequences.
According to the report, Target had recently installed a digital security system called, FireEye. The software flagged the malware uploaded by the hackers as a ‘high priority’ problem on November 30, 2013. While the malware was already installed, hackers were yet to extract the data. This means that if Target had responded at this point, no data breach would have occurred.
FireEye is an advanced security system that had just been released in May. It also has a function that automatically deletes malware once it is detected, this feature however, was turned off by Target.
Another factor working against Target is the fact that they took so long to alert the public. On December 19, the retail giant announced the breach, a full week after investigators had alerted the company and after data was already stolen.
Since news has surfaced of Target ignoring the initial message by their security software, they released a statement:
“Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up. With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different.”
The breach is still under investigation.