Printed from http://www.electronista.com

Target POS malware found, ignored on November 30, December 2

updated 10:58 am EDT, Thu March 13, 2014

Malware identified before it sent any customer data outside Target

Reports are circulating that Target knew of its "Black Friday" data breach much earlier than it said it did. Allegedly, the company was alerted by security firm FireEye that there was a potential problem as early as November 30, but no action was taken. Additionally, auditors discovered that Target had disabled features of its security suite that could have removed the infection before it purloined millions of sets of customers' payment method data.

Potentially at risk from the intrusion between November 29 and December 15, 2013 are "millions" of customer records, including credit and debit card information. The malware installed into the Target point of sale system affected "nearly all" US Target retail stores, but not the online store.

A report at Businessweek claims that India-based researchers found evidence of the breach after examining logs, and informed Target headquarters on November 30. Additional malware was discovered by the company's own security software on December 2. The software issued a series of alarms carrying a highest-priority warning, all of which were ignored by Target security personnel.

Compounding the problem, the software's automatic malware-removal features had been disabled by Target security in the months prior to the intrusion. The malware installation was detected so early that it had not begun to transmit its payload -- customer data -- back to its creators. Timely action by Target's security staff in pruning the malware would have prevented the entire incident from happening, and would have saved Target millions in corrective actions, the researchers say.

When confronted with the security alerts being made and ignored, Target Chief Executive Gregg Steinhafel said that "Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach." He concluded his brief statement by declaring that "the investigation is not complete" and noted that "we don't believe it's constructive to engage in speculation without the benefit of the final analysis."



By Electronista Staff
Comments

  1. sammaffei

    Fresh-Faced Recruit

    Joined: 09-04-04

    "the software's automatic malware removal features had been disabled by Target security in the months prior to the intrusion"

    This, coupled with giving an outside vendor (an HVAC contractor) total access to your corporate network (including payment processing), smells like an inside job by someone fairly high up in Target security. Any firings or early retirements in the last year, like right about when the malware sweeper was turned off? Any memos issued on it?
