Learning from Target’s Big Hack

Dateline: April 18, 2014

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

In late 2013, the biggest retail hack in US history took place, unfortunately for the company, at Target. Forty million credit card numbers and 70 million addresses, phone numbers and other pieces of personal information were stolen from its database. BusinessWeek recently published an extensive examination of what happened.

One of our biggest fears as CIOs became reality at Target. It cost the Target CIO her job. According to BusinessWeek:

Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

If Target’s security team had followed up on the earliest FireEye alerts, it could have been right behind the hackers on their escape path. The malware had user names and passwords for the thieves’ staging servers embedded in the code, according to Jaime Blasco, a researcher for the security firm AlienVault Labs. Target security could have signed in to the servers themselves—located in Ashburn, Va., Provo, Utah, and Los Angeles—and seen the stolen data sitting there waiting for the hackers’ daily pickup. But by the time company investigators figured that out, the data were long gone.

What can you learn from the case study at Target to shore up your IT security protocols?

That’s a WRAP!  Have a nice weekend!
