The security breach that led to the theft of some 40 million credit cards from Target late last year wasn’t a result of poor security. The company’s state-of-the-art security system did indeed detect the hack as soon as it started and alerts were sent out… but nothing was done until two weeks later, when federal investigators issued a warning.
According to a new report from Bloomberg Businessweek, Target started installing FireEye malware detection software some six months before the attack. And when hackers started uploading their code to Target’s system, alerts – the most urgent on FireEye’s graded scale – went out. As the hackers uploaded different variants of the malware, more alerts were issued that pointed to unfamiliar malware.
Perhaps the worst part of it all – the FireEye security software has a built-in feature that would have automatically deleted the malware without human intervention. Said feature, however, was disabled, which is reportedly common, as security teams usually like to have a human in charge of those types of decisions.
What’s more, Target also had Symantec anti-virus installed, and it too detected suspicious activity around the same time.
So why then did Target seemingly ignore the alerts? The answer isn’t entirely clear, although the publication theorizes that perhaps the security team didn’t fully trust the new alert system, or maybe a job vacancy was to blame. Regardless, by the time authorities tipped the retailer off, the damage had already been done.