Target Knew Of Hack, Failed To Act

The good news for Target and its customers is that the retailer’s robust IT system detected the massive holiday season hack that affected tens of millions of accounts before it ever happened. The bad news is that Target failed to act on that detection, and the rest is history.

According to Bloomberg, Target’s security tools detected the malware used in the hack as early as November 30th, and the thieves weren’t able to remove any data until December 2nd, which means that there were a couple of days wherein the threat couild have been mitigated. Bloomberg asserts that it was human error that led to the hack from there: Once the malware was flagged, the alert was forwarded to a security center in Minneapolis, where the issue was dropped. No one did anything about it.

Target hack
Credit: Bloomberg

If Bloomberg’s reporting is accurate, this potentially makes Target liable for all sorts of lawsuits, which are brewing now. Worse, it points to the main problem with any security measure, which is that humans are often the weakest link in the chain.