WASHINGTON, March 13 A Target Corp team
of security experts, armed with a malware detection tool made by
FireEye Inc, alerted company officials about a possible
data breach on Nov. 30, but they failed to respond to the
warning signs, according to a media report on Thursday.
The security specialists in Bangalore, India, monitoring
computer logs found FireEye's alerts from Nov. 30 and notified
Target officials in Minneapolis, Bloomberg Businessweek
reported. They also found more alerts from Dec. 2, when more
malware surfaced.
Such warnings, if heeded, could have cut short the massive
data breach that affected millions of customers who shopped at
the nation's No. 3 retailer between Nov. 27 and Dec. 18 - the
height of the U.S. holiday shopping season.
Some 40 million credit and debit card records were stolen
from the retailer, along with 70 million other records with
customer information such as addresses and telephone numbers.
Congress is investigating the breach along with lapses that
surfaced at other retailers, and credit card companies are
pushing for better security.
Shares of Target took a hit after news of the security lapse
surfaces in mid-December but recovered after the company offered
assurances last month. Its shares were largely unchanged in
pre-market trading on the New York Stock Exchange on Thursday.
Shares of FireEye were up 2 percent on Nasdaq.
Bloomberg, citing a source who has consulted on the Target's
investigation, said hackers deployed a custom-made code on Nov.
30 that triggered a FireEye alert for the malware, including
details on the servers where stolen data was to be delivered.
The security system's automatic function to delete such
malware was turned off by Target's security team, the report
said, citing two people who audited FireEye's role after the
breach.
Target Chief Executive Gregg Steinhafel, in a statement to
Bloomberg, said the retailer was still reviewing its "people,
processes and technology" in the wake of the breach.
"As the investigation is not complete, we don't believe it's
constructive to engage in speculation without the benefit of the
final analysis," Steinhafel wrote, according to the report.
He said the company had "already taken significant steps."
Target earlier this month said it was overhauling its
information security practices.
Representatives for Target and FireEye could not immediately
be reached to comment on the report.