Target Admits Missing Making Immediate Actions on Security Breach Alert

Target admitted it failed to take immediate actions after its security software detected a possible security breach in November 2013, thus resulting to the biggest data breach compromising and affecting data of more than 100 million customers.

Bloomberg Businessweek reported Thursday that FireEye Inc. had sent security breach alerts, branded as "malware.binary," to Target's security team. However, those alerts were disregarded.

A couple of security experts from Cylance Inc. and Black Hills Information Security dealing with cyber attacks and are familiar with FireEye technology, said that security teams don't get excited about generic alerts, like the "malware.binary." This is because there is not much information about this technology. They believe that Target's security team was flooded with such alerts every day, which would have made it tough to have singled out a malicious threat.

"They are bombarded with alerts. They get so many that they just don't respond to everything," said Shane Shook, an executive with Cylance Inc., to Reuters. "It is completely understandable how this happened."

In a statement to Reuters, Target spokeswoman Molly Snyder said, "With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different."

During a congressional committee in February, John Mulligan, Target's chief financial officer, said that the investigation of the security breach has commenced on Dec. 12, after the U.S. Department of Justice warned them about suspicious activities involving payment cards, like credit cards and debit cards.

He added that just after three days, the malicious software has already been removed to nearly all cash registers.

However, Target might face numerous potential class-action lawsuits and action from banks that could seek reimbursement for millions of dollars in losses due to the security breach and the cost of card replacements.

The Congress, on the other hand, is also investigating the massive breach and possible lapses at other retailers. It also urges credit card companies to implement better security.

Real Time Analytics