Target declined to act on early alert of cyber breachBy JIM FINKLE and SUSAN HEAVEY
March 13. 2014 7:21PM
BOSTON/WASHINGTON — Target Corp.’s security software detected potentially malicious activity during last year’s massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday.
“With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different,” company spokeswoman Molly Snyder said in a statement.
The disclosure came after Bloomberg Businessweek reported on Thursday that Target’s security team in Bangalore had received alerts from a FireEye Inc. security system on Nov. 30 after the attack was launched and sent them to Target headquarters in Minneapolis.
The FireEye reports indicated malicious software had appeared in the system and that attackers were planning to send stolen data to servers outside of Target’s network, according to a person whom Bloomberg Businessweek had consulted on Target’s investigation but was not authorized to speak publicly on the matter.
Target Chief Financial Officer John Mulligan told a congressional committee in February that the company only began investigating on Dec. 12, when the U.S. Justice Department warned the company about suspicious activity involving payment cards. Within three days, nearly all the malicious software had been removed from Target’s cash registers, he had said.
“Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon,” Snyder said. “Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up.”
Target shares fell 2 percent to $59.86 in late afternoon trading on the New York Stock Exchange after the company released the statement.
Some 40 million payment card records were stolen from the retailer, along with 70 million other records with customer information such as addresses and telephone numbers.
Congress is investigating the breach along with lapses at other retailers, and credit card companies were pushing for better security.
Target also faces dozens of potential class-action lawsuits and action from banks that could seek reimbursement for millions of dollars in losses due to fraud and the cost of card replacements. A spokesman for FireEye declined to comment. FireEye shares were up 1.8 percent at $79.05 on Nasdaq.
Representatives for the U.S. Secret Service and Verizon Communications Inc., which are investigating Target’s breach, declined to comment.
FireEye has a function that automatically deletes malicious software, but it had been turned off by Target’s security team before the hackers’ attack, the Bloomberg report said, citing two people who audited FireEye’s role after the breach.
Target Chief Executive Officer Gregg Steinhafel said in a statement to Bloomberg the retailer was reviewing its “people, processes and technology” in the wake of the breach. Target said this month it was overhauling its information security practices.