Popular retailer Target had multiple warnings that a credit and debit card breach was underway, but still didn't do enough to try and stop the problem.
A recent series of interviews with more than 10 former Target employees, and a handful of people familiar with the attack indicate the company was aware of a data breach underway - and the alert system worked - signaling malware was installed before being publicly disclosed.
"I don't think it is about not paying attention to the technologies as much as fine tuning for actionable, relevant information from the technology," said Joe Schumacher, Neohapsis security consultant, in a statement to SCMagazine. "Many security systems (e.g. Web application firewall, log monitoring, intrusion Detection/Prevention Systems, etc.) correlate large amounts of data into a single repository. Unfortunately, a lot of companies and professional services stop here."
Six months before the successful data breach, Target installed a $1.7 million security platform, the report indicates.
Former Target CIO Beth Jacob quit as the company continues to try and rebound from the major data theft which affected more than 70 million customers. The store now faces more than 90 lawsuits following the data breach, which is the largest and most successful retail hack - and an indication that malware is a successful tool to steal customer information.