Target missed crucial internal warnings about lurking malware
By Jennifer Bjorhus, Star Tribune (Minneapolis) | |
McClatchy-Tribune Information Services |
Quoting mostly unnamed sources,
The warning could have been a critical opportunity to derail the theft of personal or payment information for as many as 110 million Target shoppers, one of the country's largest consumer data breaches. The cyberattack, which occurred from
"I just think it's shocking that it could have been prevented,"
Last year, Target installed a
There's a function in the system to automatically delete the malware it finds, but the security team had turned it off, according to
Target confirmed Thursday that the company had detected "a small amount of ... activity" by the cyberthieves before the full scale of the breach was revealed.
"That activity was evaluated and acted upon," company spokeswoman
"With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different," she said.
Target declined further comment.
A former Target IT employee said he doesn't think Target had fully integrated
Lanterman called
Some data security specialists said it's not uncommon for security specialists to disable something like an automatic delete function because they like to be "hands on" and examine threats.
Lanterman noted that he e-mailed
"Any 17-year-old can do it," he said of the rogue access point. "I think it's pretty scary."
He never heard back from anyone. "No one bothered to call and say 'Tell me more about this,'?" he said.
Lanterman said he noticed a similar issue on MNsure's health insurance website, and agency officials fixed it in January. "We've worked with a number of banks that had the same flaw," Lanterman said.
Nonetheless, Hall said he couldn't understand the process breakdown. "Why didn't somebody bring it up?"
A security architect from
"You have this complex security and monitoring infrastructure. How to you get information and findings out of that infrastructure or actionable intelligence to decisionmakers?" he said. "This is not isolated to Target."
___
(c)2014 the Star Tribune (Minneapolis)
Visit the Star Tribune (Minneapolis) at www.startribune.com
Distributed by MCT Information Services
Wordcount: | 837 |
Participants in Minnesota safe-driving classes sue for $2M refund
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News