In an epic loss of customer information, 40 million credit card numbers and personal data from 70 million customers were stolen during an attack on Target that lasted from Nov. 27 to Dec. 18, when the big box store finally shut it down. But should Target have caught on earlier?
Bloomberg Businessweek reports that Target officials could have been made aware of the attack on Nov. 30 and again on Dec. 2. On both days the big-box store’s malware detection software, made by FireEye, sent an alert to Target's security monitors in Bangalore, India, who then contacted Target's security team in Minneapolis. But for some reason, they apparently didn't respond to either alert.
Congress is now investigating the situation, and congressional testimony shows that federal law enforcement officials got in touch with Target about the breach on Dec. 12. Businessweek spoke to 18 people who either worked on Target's cybersecurity in the past or have specific internal knowledge of the breach.
The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.
Target is not the first company to experience mass group denial about a security problem and miss an opportunity to deal with it as a result. In December, news broke that SnapChat had known about flaws in its user information security for four months and hadn't done anything to close the loopholes. And even when the company was forced to acknowledge the weakness publicly, it still took two weeks to release an update and correct the problem.
If the situation seems totally incomprehensible, think about your personal devices. Do you download every software update or patch the moment it’s released? The situation with Target is negligent, whereas failing to download an update on a personal device tends to stem from laziness and usually has consequences only for yourself. But they may share a common root feeling: It'll never happen to me. Except then it did happen.
TODAY IN SLATE
Smash and Grab
Will competitive Senate contests in Kansas and South Dakota lead to more late-breaking races in future elections?
Stop Panicking. America Is Now in Very Good Shape to Respond to the Ebola Crisis.
The 2014 Kansas City Royals Show the Value of Building a Mediocre Baseball Team
The GOP Won’t Win Any Black Votes With Its New “Willie Horton” Ad
Sleater-Kinney Was Once America’s Best Rock Band
Can it be again?
Forget Oculus Rift
This $25 cardboard box turns your phone into an incredibly fun virtual reality experience.