Target Ignored Malware Warnings, Could Have Prevented Data Breach

The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock.

If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.

For some reason, Minneapolis didn’t react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.

See the entire article at:

and also see:  http://www.aol.com/article/2014/03/14/businessweek-target-didnt-act-on-data-breach-alerts/20849980/?icid=maing-grid7%7Chtmlws-main-bb%7Cdl24%7Csec1_lnk2%26pLid%3D453846


Target's Chief Info Security Officer 'Quits'

According to a 3/5/14 AP article by Anne D'Innocenzio titled 'Target Tech Chief Resigns as It Overhauls Security', Tarbutt's Chief Information Officer, Ms. Beth Jacobs, quit after holding the position since 2008, with teams in the US and India.

Of course it was most likely a firing, but it sounds better if it is announced as a resignation. CEO Steinhafel's PR attempt to put lipstick on a pig said that Tarbutt will look for an interim CIO for the transformation and then hire outside personnel for the posts of chief information security officer and chief compliance officer.

Currently Target is using Promontory Financial Group in an attempt to find out what happened in the mid-December data theft and improve its flawed technology. Work continues on its $100 million plan to move from magnetic stripe cards to the more secure chip-type cards.

The full AP article is available at:  


Target's Canadian stores lose nearly $1 billion US in under one year

 Full story at:  http://www.vancouversun.com/business/Target+Canadian+stores+lose+nearly+billion+since+opening+last/9553242/story.html

Target Corp.'s Canadian stores lost nearly US $1 billion in less than a year of operations as the Minneapolis-based discount retailer began its first expansion outside the United States.  For the full year, the Canadian segment lost US $941 billion before excluded items on US $1.3 billion of sales. Target said its annual gross margin rate was 14.9 per cent.

Hopes had been high last year when the chic discount retailer announced it was opening its first stores in Canada after buying some of the properties from the now-defunct Zellers chain.

Since its arrival in March, the retailer has faced high expansion costs and disappointing sales as shoppers complained about near-empty shelves and notably higher prices than at U.S. Target stores.

Despite the rocky start, Target announced last month that it will be continuing with its Canadian expansion with the opening of nine more stores this year.  It plans on opening two locations in Mississauga, Ont., and one store each in Toronto, Ottawa and Barrie, Ont. Stores will also be added in Edmonton, Victoria, Winnipeg and Candiac, Que.

Five of the locations will be in former Zellers locations, while the others will be newly constructed stores. By the end of 2014, Target said it will have a total of 133 locations in Canada.