Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It


The biggest retail hack in U.S. history wasn't particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target's (TGT) security and payments system designed to steal every credit card used at the company's 1,797 U.S. stores. At the critical moment-when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe-the malware would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers.

It's a measure of how common these crimes have become, and how conventional the hackers' approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target's security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data's escape route. As they uploaded exfiltration malware to move stolen credit card numbers-first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia-FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then ...

Nothing happened.

Read the whole story at Bloomberg.com


More From Bloomberg:

Increase your money and finance knowledge from home

Goal Setting

Want to succeed? Then you need goals!

View Course »

Getting out of debt

Everyone hates debt. Get out of it.

View Course »

Add a Comment

*0 / 3000 Character Maximum

11 Comments

Filter by:
penrosecottage

This is why I use cash at Target, Wal Mart and sears, you can't trust them any more.

March 15 2014 at 9:50 PM Report abuse +1 rate up rate down Reply
potmind

The crash in was detected but the warning was ignored. Chain of command broken to save jobs' costs? Lack of contingency plans. Does this mean that Target has no insurance coverage either?

March 15 2014 at 8:14 PM Report abuse +2 rate up rate down Reply
Bonnie

I recently received a new credit card from my credit card company because of the Target incident. If I wore the shoes of this card company, I would sue the butt off of Target.

I can't even imagine what it costs to change the account numbers and issue new credit cards to all the customers who purchased at Target during that time frame.

March 15 2014 at 7:31 PM Report abuse +1 rate up rate down Reply
zds2148

Target really Sucks if you have a CC W/TARGET cancel please!!!

March 15 2014 at 2:30 PM Report abuse +2 rate up rate down Reply
chamakinc

target is a horrible workplace treat their employees like slaves. couldn't happen to a better store although i feel sorry for the consumers. wish they would go bankrupt but i think they're too big for that.

March 15 2014 at 1:55 PM Report abuse rate up rate down Reply
1 reply to chamakinc's comment
Jeff

Just look at the ownership of Target. He is the Governor of Minnesota and a liberal Democrat. He supported Obama's call for equality in wages and overtime for salaried employees, yet nothing has been done or will be done at Target for their employees. Another liberal double standard while everyone blames the Republicans for not doing anything about wealth distribution.

March 15 2014 at 3:25 PM Report abuse +1 rate up rate down Reply
1 reply to Jeff's comment
betty_brock

Libs are such hypocrites.

March 15 2014 at 4:25 PM Report abuse rate up rate down
scottee

congress "blows" it all the time. and we pay them six figures and benefits for life...why? am I the only person outraged that both parties in congress living in luxury and choose power and deficit spending over fiscal responsibility?

March 15 2014 at 9:05 AM Report abuse +7 rate up rate down Reply
3 replies to scottee's comment