Target Had Multiple Chances to Stop Breach
Late last year, US retailer Target had multiple IT failures that led to 40 million credit cards being leaked. Target lost more than $61 million in breach-related expenditures and incurred a significant decrease to holiday sales. Businessweek has a lengthy article laying out the failures, among them:
- Despite installing FireEye's monitoring technology, security administrators disabled FireEye's option to automatically delete malware as it is detected, allowing the unclassified 'malware.binary' through.
- When Target India's team received the first critical alert from FireEye, they notified the security team at Target's Headquarters in Minneapolis Minnesota, USA, but the report was ignored or simply no action was taken on it.
- Additional critical alerts were generated, but apparently no action was taken on them.
- Symantec Endpoint Protection detected odd behavior on the same server as detected by FireEye, but this did not raise concern.
- The initial illicit access was gained by an outside vendor's stolen credentials, which should not have given as much network access as it did.