Target missed important warnings before security breach: report
The Target computer hack may have been preventable, according to a new report.
Reuters
Late last year, Target acknowledged that hackers had broken into the company's computer network, potentially putting the personal information of tens of millions of consumers at risk. It was, as some onlookers noted, nothing short of a "disaster."
Now comes news that the company may have failed to act on warnings about the impending breach. In a cover story for this week's Bloomberg Businessweek, reporters Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack allege that Target received alerts from its FireEye security platform, but that the alerts went unheeded in Target's Minneapolis HQ.
Initially, Target told Businessweek that it was engaged in an ongoing investigation, and that reps didn't "believe [it was] constructive to engage in speculation without the benefit of the final analysis." Today, in the wake of the Businessweek story, the company issued a new statement.
"Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon," Molly Snyder, a spokesperson for Target, told Reuters. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up."
Ms. Snyder added that, "with the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different."
The breach, coming as it did in the midst of the holiday shopping season, was seen as particularly damaging to Target, which now must fight to regain trust from consumers. Part of that process may be the exit of security chief Beth Jacobs, who announced earlier this month that she was resigning from her post immediately.
"To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target," CEO Gregg Steinhafel said at the time.