|
 "With the benefit of hindsight, we are investigating whether if
different judgments had been made the outcome may have been
different," company spokeswoman Molly Snyder said in a statement.
The disclosure came after Bloomberg Businessweek reported on
Thursday that Target's security team in Bangalore had received
alerts from a FireEye Inc security system on November 30 after the
attack was launched and sent them to Target headquarters in
Minneapolis.
The FireEye reports indicated malicious software had appeared in the
system, according to a person whom Bloomberg Businessweek had
consulted on Target's investigation but was not authorized to speak
publicly on the matter.
The alert from FireEye labeled the threat with the generic name
"malware.binary," according to Bloomberg Businessweek. Two security
experts who advise organizations in responding to cyber attacks and
both have experience using FireEye technology said that security
personnel typically don't get excited about such generic alerts
because FireEye does not provide much information about those
threats.
The experts said that they believed it was likely that Target's
security team received hundreds of such alerts on a daily basis,
which would have made it tough to have singled out that threat as
being particularly malicious.
"They are bombarded with alerts. They get so many that they just
don't respond to everything," said Shane Shook, an executive with
Cylance Inc. "It is completely understandable how this happened."
John Strand, owner of Black Hills Information Security, said that it
was easy to paint Target as being incompetent, given the severity of
the breach, but that it was not fair to do so.
"Target is a huge organization. They probably get hundreds of these
alerts a day," he said. "We can always look for someone to blame.
Sometimes it just doesn't work that way."
Target Chief Financial Officer John Mulligan told a congressional
committee in February that the company only began investigating
after on December 12, when the U.S. Justice Department warned the
company about suspicious activity involving payment cards. Within
three days, nearly all the malicious software had been removed from
Target's cash registers, he said. FOLLOW-UP DIDN'T SEEM WARRANTED
"Through our investigation, we learned that after these criminals
entered our network, a small amount of their activity was logged and
surfaced to our team. That activity was evaluated and acted upon,"
Snyder said. "Based on their interpretation and evaluation of that
activity, the team determined that it did not warrant immediate
follow up."
[to top of second column] |
Target shares fell 2 percent to $59.86 in late afternoon trading on
the New York Stock Exchange after the company released the
statement.
Some 40 million payment card records were stolen from the retailer,
along with 70 million other records with customer information such
as addresses and telephone numbers.
Congress is investigating the breach along with lapses at other
retailers, and credit card companies were pushing for better
security.
Target also faces dozens of potential class-action lawsuits and
action from banks that could seek reimbursement for millions of
dollars in losses due to fraud and the cost of card replacements.
A spokesman for FireEye declined to comment. FireEye shares were up
1.8 percent at $79.05 on Nasdaq.
Representatives for the U.S. Secret Service and Verizon
Communications Inc, which are investigating Target's breach,
declined to comment.
FireEye has a function that automatically deletes malicious
software, but it had been turned off by Target's security team
before the hackers' attack, the Bloomberg report said, citing two
people who audited FireEye's role after the breach.
Shook and Strand said that the vast majority of FireEye's customers
turn off that functionality because it is known for incorrectly
flagging data as malware, which can halt email and Web traffic for
business users.
"FireEye ... is cutting edge," Strand said. "But it takes love and
care and feeding. You have to watch it and monitor it."
(Editing by Stephen Powell, Richard Valdmanis, Amanda Kwan and
Cynthia Osterman)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
