Market Overview

Target Blew It And Here's How

Target Blew It And Here's How

If you think the biggest retail hack in U.S. history happened because Target (NYSE: TGT) didn’t have a strong enough security system, you are wrong. Target’s security system, provided by computer security firm, FireEye (NASDAQ: FEYE), worked just fine, according to a recent report by Bloomberg.

In fact, the $1.6 million malware detection system, installed six months earlier, quickly picked up the installation of what is known as exfiltration malware designed to move stolen credit card numbers off the victim's (in this case, Target) servers to a safe location (in this case, various locations throughout the U.S.).

FireEye, by the way, is no fly-by-night security firm. Its customers include the Pentagon and the CIA. The firm and its management are highly respected, according to Bloomberg and the company’s stock rose in February after Wells Fargo Securities initiated coverage with an “Outperform” rating.

Related: Target Set To Lead The Way On Chip And Pin Credit Card Technology

Last November, Target’s team of security specialists in Bangalore were charged with monitoring company computers on a 24/7 basis. They did that.

The way the system was set up, if the personnel in Bangalore saw anything suspicious they were to alert Target’s security operations center in Minneapolis.

According to the Bloomberg report, on Saturday, November 30, personnel in Bangalore saw something suspicious and, in fact, did alert the security team in Minneapolis.

At which point, nothing happened. And that, according to the report, is how Target blew it.

For reasons not yet known, Minneapolis apparently did not react to the alert. The rest, as they say, is history - the kind of history that results in 40 million credit card numbers along with 70 million addresses, phone numbers, and other bits of personal data getting scooped up and sent to – of all places – Russia.

Target CEO, Gregg Steinhafel, when asked about the chain of events issued an email statement saying, “Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes, and technology to understand our opportunities to improve data security and are committed to learning from this experience.

"While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.”

After news of the security lapse surfaced in December, Target stock fell. Shares reached a low of about $55 per share in early February. Since then share prices have recovered to a little more than $60 per share, though not near the 52-week high of $73.50 in July of last year.

At the time of this writing, Jim Probasco had no position in any mentioned securities.


Related Articles (TGT)

View Comments and Join the Discussion!

Posted-In: Bangalore CIA FireEye Gregg Steinhafel malwareNews Events Media Best of Benzinga