Retailer Target Brands Inc. has given the impression that it was caught unawares when hackers broke into its systems and stole millions of pieces of personal data on customers.
But according to BusinessWeek, an advanced malware detection tool that had been installed six months before sent out warnings – warnings that were ignored.
It’s a deliciously detailed article that, if true, might in part explain the departure of the company’s chief information officer earlier this month.
Publicly, Target has said it only learned about the breach in mid-December when notified by the Department of Justice.
But what it hasn’t revealed is that security staff then went over the logs of the recently installed tools from FireEye and found alarms that, in the publication’s account, should have been “impossible to miss.”
The story says the attack began a few days before U.S. Thanksgiving (Nov. 28), when the malware was installed to capture the data. Two days later the attackers added code that pointed to where the data should go. That was spotted by FireEye, which sent a message first to a Target security office in India, which relayed it to headquarters in the U.S.
Data started departing Target systems on Dec. 2 and apparently continued for two weeks. It was initially sent to several sites in the U.S., perhaps to disguise the theft, and then to Russia.
It’s not that Target is indifferent to network security, the article points out: it has an IT security staff of about 300 (and the wit to buy a sophisticated detection tool).
The article notes the manager of the security operations centre had left the company and not been replaced by the time of the attack, which may figure in the chain of failures. An automatic FireEye tripwire to stop the malware was also turned off, but arguably that is done in many data centers to ensure that people, not software, make crucial decisions.
For its part, Target says the attack is still under investigation. But my guess is the company heads are going to have to appear before Congress again.