March 13, 2014

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

The biggest retail hack in U.S. history wasnât particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Targetâs (TGT) security and payments system designed to steal every credit card used at the companyâs 1,797 U.S. stores. At the critical momentâwhen the Christmas gifts had been scanned and bagged and the cashier asked for a swipeâthe malware would step in, capture the shopperâs credit card number, and store it on a Target server commandeered by the hackers.

Behind this weekâs coverItâs a measure of how common these crimes have become, and how conventional the hackersâ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Targetâs security operations center in Minneapolis would be notified.

Read more at Bloomberg Businessweek.