In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.
It is simply amazing that Target managed to overlook alerts – more than once – from its hired security firm.
And they’re paying a price for it:
More than 90 lawsuits have been filed against Target by customers and banks for negligence and compensatory damages. That’s on top of other costs, which analysts estimate could run into the billions. Target spent $61 million through Feb. 1 responding to the breach, according to its fourth-quarter report to investors. […] Target’s profit for the holiday shopping period fell 46 percent from the same quarter the year before; the number of transactions suffered its biggest decline since the retailer began reporting the statistic in 2008.