Last year, Target announced that its retail systems got hacked and over 40 million of its customers’ credit card details were affected by the hack.
And now, according to a recent report by Bloomberg, Target knew about the potential hack to its systems quite some time before the hack happened.
In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network.
The Timeline of the Hack
The timeline of the hack reveals a series of missed opportunities for Target to prevent the breach. On November 30, FireEye, a cybersecurity firm employed by Target, detected suspicious activity and sent alerts. These alerts were followed by additional warnings on December 2, indicating that malware had been installed on Target’s systems. Despite these early warnings, the alarms were not acted upon in time to prevent the hackers from accessing and eventually transmitting the stolen data.
The hackers were able to install malware on Target’s point-of-sale (POS) systems, which allowed them to capture credit card information as customers made purchases. This malware was sophisticated enough to avoid detection by traditional antivirus software, making the alerts from FireEye crucial. Unfortunately, these alerts were not escalated to the appropriate level of urgency within Target’s IT department.
Impact and Response
The impact of the hack was significant, affecting over 40 million credit card accounts and leading to a loss of consumer trust. The breach also resulted in numerous lawsuits and a substantial financial cost for Target. The company had to invest heavily in improving its cybersecurity measures and compensating affected customers.
In response to the breach, Target took several steps to enhance its security protocols. The company accelerated its adoption of chip-and-PIN technology for its credit cards, which provides an additional layer of security compared to traditional magnetic stripe cards. Target also increased its investment in cybersecurity personnel and technology, aiming to prevent similar incidents in the future.
Head on over to Bloomberg to find out more information about what was discovered in the Target hack. It looks like Target could have prevented the hack from taking place.
Source Gizmodo
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.