Report: Target Could Have Prevented That Enormous Data Breach

The Citizen's Guide to the Future
March 13 2014 6:27 PM

Report: Target Could Have Prevented That Enormous Data Breach

target
Target could have stopped or drastically reduced the impact of a malware attack that compromised personal data from thousands of shoppers

Photo from Shutterstock.

In an epic loss of customer information, 40 million credit card numbers and personal data from 70 million customers were stolen during an attack on Target that lasted from Nov. 27 to Dec. 18, when the big box store finally shut it down. But should Target have caught on earlier?

Bloomberg Businessweek reports that Target officials could have been made aware of the attack on Nov. 30 and again on Dec. 2. On both days the big-box store’s malware detection software, made by FireEye, sent an alert to Target's security monitors in Bangalore, India, who then contacted Target's security team in Minneapolis. But for some reason, they apparently didn't respond to either alert.

Advertisement

Congress is now investigating the situation, and congressional testimony shows that federal law enforcement officials got in touch with Target about the breach on Dec. 12. Businessweek spoke to 18 people who either worked on Target's cybersecurity in the past or have specific internal knowledge of the breach.

The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.

Target is not the first company to experience mass group denial about a security problem and miss an opportunity to deal with it as a result. In December, news broke that SnapChat had known about flaws in its user information security for four months and hadn't done anything to close the loopholes. And even when the company was forced to acknowledge the weakness publicly, it still took two weeks to release an update and correct the problem.

If the situation seems totally incomprehensible, think about your personal devices. Do you download every software update or patch the moment it’s released? The situation with Target is negligent, whereas failing to download an update on a personal device tends to stem from laziness and usually has consequences only for yourself. But they may share a common root feeling: It'll never happen to me. Except then it did happen.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Alabama’s Insane New Abortion Law Gives Fetuses Lawyers and Puts Teenage Girls on Trial

Tattoo Parlors Have Become a Great Investment

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?

Big Problems With the Secret Service Were Reported Last Year. Nobody Cared.

Crime

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century

Moneybox
Oct. 1 2014 8:34 AM This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century To undertake a massively ambitious energy project, you don’t need the government anymore.
  News & Politics
Politics
Oct. 2 2014 11:01 AM It Wasn’t a Secret A 2013 inspector general report detailed all of the Secret Service’s problems. Nobody cared.
  Business
Moneybox
Oct. 2 2014 12:58 PM Why Can’t States Do More to Protect Patients From Surprise Medical Bills? It’s complicated.
  Life
Lexicon Valley
Oct. 2 2014 1:05 PM What's Wrong With "America's Ugliest Accent"
  Double X
The XX Factor
Oct. 2 2014 12:37 PM St. Louis Study Confirms That IUDs Are the Key to Lowering Teen Pregnancy Rates
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 2 2014 1:29 PM Want to Know What Makes David Fincher Great? Focus on What He Doesn’t Do.
  Technology
Future Tense
Oct. 2 2014 1:22 PM If Someone Secretly Controlled What You Say, Would You Notice? What cyranoid experiments reveal about how people act.  
  Health & Science
Science
Oct. 2 2014 12:53 PM The Panic Virus How public health officials are keeping Americans calm about the Ebola threat.
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?