A report from Bloomberg Businessweek reveals that Target received warnings from its own security specialists about last year’s massive security breach well before consumer data was stolen, but failed to act. A team of security specialists in Bangalore India, armed with a malware detection tool made by FireEye, Inc., flagged the malware uploaded by hackers as a high-priority problem on Nov. 30, 2013. This was after Target’s point-of-sale system had been infected, but before the data had been passed on to the hackers themselves. In fact, it’s reported that the Fire Eye tool could have deleted the malware automatically but that option was turned off.
The security team in India alerted Target officials in Minneapolis, Minn., about a possible data breach on the same date – Nov. 30, 2013. They also found more possible data breaches on December 2, when more malware surfaced. Such warnings, if responded to, could have shortened the massive data breach that affected millions of customers who shopped at Target between November 27 and December 18. Approximately 40 million customers who used their credit or debit cards at Target during the height of the U.S. holiday shopping season had their records/data stolen. Additionally, 70 million customers had their personal information such as names, addresses, telephone numbers email addresses stolen. Target issued the following statement on Thursday, March 13, 2014:
Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow-up. With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different.
The company failed to respond to questions by media outlets regarding the timing of above referenced evaluation. Ironically, the day after releasing the above referenced statement, Target warned that the data breach might be more extensive than the 40 million and 70 million figures known to date. In its 10-k annual report filed with the Securities and Exchange Commission (SEC) on March 14, 2014, Target stated, “Our investigation of the matter is ongoing and it is possible that we will identify additional information that was accessed or stolen, which could materially worsen the losses and reputational damage we have experienced.”
It will be interesting to see what develops as we go forward in the Target litigation. If you need further information on any aspect of the litigation, contact Larry Golston, a lawyer in our firm’s Consumer Fraud Section, at 800-898-2034 or by email at Larry.Golston@beasleyallen.com.
Sources: www.nbcnews.com; and www.msn.com
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.