Target says it investigated but dismissed early signs of breach

A 'small amount' of possible activity was logged prior to a warning from the US Department of Justice


Target said Thursday it investigated but ultimately dismissed early signs of a data breach, a decision it likely regrets after suffering one of the largest payment-card and personal-data breaches on record.

The retailer said it logs a vast number of technical events each week, and "a small amount of [the criminals'] activity was logged and surfaced to our team. That activity was evaluated and acted upon," Molly Snyder, a Target spokeswoman, said in an emailed statement on Thursday.

"Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up," Snyder wrote. "With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different."

The breach of Target's network resulted in the loss of 40 million payment card details, plus 70 million other personal records, causing U.S. lawmakers to question whether companies are doing enough to protect personal data. Target's data was stolen between Nov. 27 and Dec. 15, the busiest shopping period in the U.S.

Snyder wrote that despite investing hundreds of millions of dollars in security, "the unfortunate reality is that we experienced a data breach."

She declined to provide a timeline for the early clues, but said the retailer was notified by the U.S. Department of Justice of a possible breach on Dec. 12. Target confirmed the breach three days later.

Target's cash registers, known as point-of-sale (POS) terminals, were infected with a type of malware called a "RAM scraper." The malware recorded payment card details after a card was swiped and the unencrypted data briefly sat in a system's memory.

Security experts believe a variant of "Kaptoxa," also called "BlackPOS," was used against Target. The malware was spotted by security companies as early as March 2013.

The style of attack, which also affected luxury retailer Neiman Marcus, was notable for finding weaknesses despite a long-running effort to implement better security around card handling with the Payment Card Industry's Data Security Standard (PCI-DSS).

Send news tips and comments to Follow me on Twitter: @jeremy_kirk



  • Henry Hertz Hobbit: Standards come and go, and some of them fall way short of their intended goal. You stick a memory pointer into some other process's memory space on Unix, Linux, FreeBSD, OpenBSD or any of the other Unix-like systems. Then try to read it and see what happens. Here I will do it using memcpy voodoo: Segmentation fault. Source code for test and other files: http://www.securemecca.com/pub. Without the concept of users, groups and permissions, which are not only part of file systems but also processes, you are hosed. Apple II, Macintosh pre-OSX, CP/M, DOS, FAT16 & FAT32 and Windows NTFS do not have robust ownership and usage flags and will probably allow scraping. All other modern operating systems for major desktops and servers have these ownership and usage provisions. Actually, the Unix and Unix-like systems are less robust than IBM main-frames, OS/400 IBM mini-computers or OpenVMS. You start with something that doesn't even allow memory scraping and build your standards up from there. That is called the barn doors closed approach. Part of your operating standard is to not dismiss anomalies from normal operations but proceed with a thorough investigation until you fully understand what is happening.