Printed from http://www.electronista.com

Target POS malware found, ignored on November 30, December 2

updated 10:58 am EDT, Thu March 13, 2014

Malware identified before it sent any customer data outside Target

Reports are circulating that Target knew of its "Black Friday" data breach much earlier than it said it did. Allegedly, the company was alerted by security firm FireEye that there was a potential problem as early as November 30, but no action was taken. Additionally, auditors discovered that Target had disabled features of its security suite that could have removed the infection before it purloined millions of sets of customers' payment method data.

Potentially at risk from the intrusion between November 29 and December 15, 2013 are "millions" of customer records, including credit and debit card information. The malware installed into the Target point of sale system affected "nearly all" US Target retail stores, but not the online store.

A report at Businessweek claims that India-based researchers found evidence of the breach after examining logs, and informed Target headquarters on November 30. Additional malware was discovered by the company's own security software on December 2. The software issued a series of alarms with a highest-priority warning attached, all of which were ignored by Target security personnel.

Compounding the problem, the software's automatic malware-removal features had been disabled by Target security in the months prior to the intrusion. The malware installation was detected so early that it had not begun to transmit its payload -- customer data -- back to its creators. Timely action by Target's security staff in removing the malware would have prevented the entire incident from happening, and would have saved Target millions in corrective actions, the researchers say.

When confronted with the security alerts being made and ignored, Target Chief Executive Gregg Steinhafel said that "Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach." He concluded his brief statement by declaring that "the investigation is not complete" and noted that "we don't believe it's constructive to engage in speculation without the benefit of the final analysis."



By Electronista Staff

Comments

  1. sammaffei

    Fresh-Faced Recruit

    Joined: 09-04-04

    "the software's automatic malware removal features had been disabled by Target security in the months prior to the intrusion"

    This, coupled with giving an outside vendor (an HVAC contractor) total access to your corporate network (including payment processing), smells like an inside job by someone fairly high up in Target security. Any firings or early retirements in the last year, like right about when the malware sweeper was turned off? Any memos issued on it?
