+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Target Was Warned Its Credit Card Data Was Being Stolen - And For 12 Straight Days Did Nothing About It

Mar 13, 2014, 19:45 IST

Patrick Hoesly / Flickr, CC

Bloomberg Businessweek has published a damning cover story on the massive Target hack that compromised the credit and debit card data of 40 million customers last year.

Advertisement

Hackers stole the information stored on the magnetic strip on the backs of credit and debit cards, using malware installed in the company's security and payments systems from Nov. 27 to Dec. 15.

Bloomberg Businessweek says that six weeks before the hack, Target paid $1.6 million to install a malware detection tool on its systems, which was monitored around the clock by security specialists in Bangalore.

When hackers installed malware to extract compromised data on Nov. 30, the security specialists sent an urgent alert to Target's security team in Minneapolis, according to Bloomberg Businessweek. When hackers installed more malware and began extracting data on Dec. 2, Target reportedly received another alert.

Yet Target apparently did nothing.

Advertisement

Moreover, it reportedly ignored alerts from another antivirus system, and also reportedly had declined to use an option that would have automatically deleted malware as soon as it was detected.

The retailer later told Congress that it did not figure out what happened until after the U.S. Department of Justice notified the company about the hack on Dec. 12. In other words, Target was warned that hackers were removing credit card numbers from Target's system and for 12 days straight the company did nothing about it.

Target gave this statement to Bloomberg Businessweek:

Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don't believe it's constructive to engage in speculation without the benefit of the final analysis.

These kinds of hacks are not new.

Advertisement

In 2012, 63 Barnes & Noble stores suffered a data breach in which customer information was stolen. In 2007, discount retailer TJ Maxx learned thieves used its stores' wireless networks to access systems at its headquarters where card data was stored. And hackers installed malware on the internal systems of credit card processor Heartland Payment Systems in 2009 to steal data from 130 million cards.

For more on the hack, check out the Bloomberg Businessweek story >

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article