Target knew about their Nov. 27 – Dec. 15 security breach and did nothing about it for 12 days. The breach compromised 40 million credit card numbers, as well as 70 million addresses, phone numbers and other pieces of personal information of customers.
Bloomberg reports that Target had installed the same malware detection as the CIA and Pentagon six month before the attack. The computer security firm FireEye, which cost them $1.6 million, monitored the computers every minute of every day to keep an eye out for breaches.
On Nov. 30, the security caught the hackers’ infiltration in the system and immediately alerted Target headquarters in Minneapolis. The headquarters did nothing to react to the news. Bloomberg Businessweek spoke with former Target higher-ups who dealt with the breach who all said Target did absolutely nothing upon learning of the information compromise.
After the breach, Target testified in front of Congress that they had no knowledge of the hack until the U.S. Department of Justice notified them about the infiltration in mid December. However, logs of communication between FireEye and Target show multiple alarms between Nov. 30 and Dec. 2. If Target had responded to the threat at that time, the credit card information would not have had a chance to be transmitted.
When reached for comment, CEO Gregg Steinhafel issued the following email:
Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.
With evidence of perjury in front of Congress and complete disregard and lack of action to protect their customers, Target has a real risk of being almost wiped out by the impending lawsuits and investigations.