General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsTarget says it declined to act on early alert of cyber breach
(Reuters) - Target Corp's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday.
"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement.
SNIP
The FireEye reports indicated malicious software had appeared in the system, according to a person whom Bloomberg Businessweek had consulted on Target's investigation but was not authorized to speak publicly on the matter.
The alert from FireEye labeled the threat with the generic name "malware.binary," according to Bloomberg Businessweek. Two security experts who advise organizations in responding to cyber attacks and both have experience using FireEye technology said that security personnel typically don't get excited about such generic alerts because FireEye does not provide much information about those threats.
The experts said that they believed it was likely that Target's security team received hundreds of such alerts on a daily basis, which would have made it tough to have singled out that threat as being particularly malicious.
"They are bombarded with alerts. They get so many that they just don't respond to everything," said Shane Shook, an executive with Cylance Inc. "It is completely understandable how this happened."
SNIP
Target Chief Financial Officer John Mulligan told a congressional committee in February that the company only began investigating after on December 12, when the U.S. Justice Department warned the company about suspicious activity involving payment cards. Within three days, nearly all the malicious software had been removed from Target's cash registers, he said.
Continued at Link:
http://www.reuters.com/article/2014/03/13/us-target-breach-idUSBREA2C14F20140313
GeorgeGist
(25,320 posts)cloudbase
(5,513 posts)"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement.
Ya think?
sendero
(28,552 posts)... that they get hundreds of similar alerts every day, well it's not hard to understand why nothing was done.
OTOH a tool that puts out that many bogus alerts is worse than useless.