Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

The biggest retail hack in U.S. history wasn't particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target's (TGT) security and payments system designed to steal every credit card used at the company's 1,797 U.S. stores. At the critical moment, when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe, the malware would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers.

It's a measure of how common these crimes have become, and how conventional the hackers' approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target's security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data's escape route. As they uploaded exfiltration malware to move stolen credit card numbers, first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia, FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then ...

Nothing happened.

Read the whole story at Bloomberg.com

This is why I use cash at Target, Wal Mart and Sears; you can't trust them any more.

March 15 2014 at 9:50 PM (+1)

The crash in was detected but the warning was ignored. Chain of command broken to save jobs' costs? Lack of contingency plans. Does this mean that Target has no insurance coverage either?

March 15 2014 at 8:14 PM (+2)

I recently received a new credit card from my credit card company because of the Target incident. If I wore the shoes of this card company, I would sue the butt off of Target.

I can't even imagine what it costs to change the account numbers and issue new credit cards to all the customers who purchased at Target during that time frame.

March 15 2014 at 7:31 PM (+1)

Target really sucks. If you have a CC w/ Target, cancel please!!!

March 15 2014 at 2:30 PM (+2)

Target is a horrible workplace; they treat their employees like slaves. Couldn't happen to a better store, although I feel sorry for the consumers. Wish they would go bankrupt, but I think they're too big for that.

March 15 2014 at 1:55 PM
1 reply to chamakinc's comment

Just look at the ownership of Target. He is the Governor of Minnesota and a liberal Democrat. He supported Obama's call for equality in wages and overtime for salaried employees, yet nothing has been done or will be done at Target for their employees. Another liberal double standard while everyone blames the Republicans for not doing anything about wealth distribution.

March 15 2014 at 3:25 PM (+1)
1 reply to Jeff's comment

Libs are such hypocrites.

March 15 2014 at 4:25 PM

Congress "blows" it all the time. And we pay them six figures and benefits for life... why? Am I the only person outraged that both parties in Congress are living in luxury and choose power and deficit spending over fiscal responsibility?

March 15 2014 at 9:05 AM (+7)
3 replies to scottee's comment