Target Initially Ignored Warning Of Security Breach [REPORT]

Target Initially Ignored Warning Of Security Breach [REPORT]
By The original uploader was Svgalbertian at English Wikipedia [Public domain], <a href="">via Wikimedia Commons</a>

As banks large and small line up to bring a lawsuit against Target Corporation (NYSE:TGT) over its data breach that is said to have cost the financial institutions millions, a new revelation that Target knew about the breach of its internal security system before the data was transmitted to computer thieves could complicate the retailer’s legal defense.

Target said to have ignored warning of security breach

According to a report in Bloomberg, Target Corporation (NYSE:TGT) received then ignored warnings from a security software application it had recently installed.  Close to 40 million people had vital personal information, such as credit card numbers, stolen days later.

GrizzlyRock: Long Thesis For This European Travel Company [Q1 Letter]

TravelGrizzlyRock Value Partners was up 16.6% for the first quarter, compared to the S&P 500's 5.77% gain and the Russell 2000's 12.44% return. GrizzlyRock's long return was 22.3% gross, while its short return was -2.9% gross. Compared to the Russell 2000, the fund's long portfolio delivered alpha of 10.8%, while its short portfolio delivered alpha Read More

The FireEye software flagged the infectious malware on Nov. 30, according to the report, before customer data had been transferred to the computer thieves. Target Corporation (NYSE:TGT) delayed acting on the warning, giving the computer thieves enough time to abscond with customer information.  An automatic setting that could have automatically deleted the malware virus was turned off.

Target responds

Target Corporation (NYSE:TGT) issued a statement to NBC news following the Bloomberg article, but it did not address the timing of when the security breach was first discovered and when they acted.  “Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team,” the statement read. “That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up. With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different.”

Report doesn’t mince words

The Bloomberg report doesn’t mince words when discussing the issue.  “Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target Corporation (NYSE:TGT) stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.”

Target Corporation (NYSE:TGT)’s CEO issued an e-mail statement to Bloomberg: “Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.”

Another explanation of why the breach occurred, circulated in initial reports, said a top Target Corporation (NYSE:TGT) security executive had departed the company the month previous, and the software was relatively new and un-trusted.

As reported in ValueWalk, Target Corporation (NYSE:TGT)’s chief technology officer had recently resigned in wake of the breach.

Previous article Buffett Isn’t Worried About Another Market Crash
Next article Vivendi Chooses Altice SA For SFR Wireless Unit Sale Talks
Mark Melin is an alternative investment practitioner whose specialty is recognizing a trading program’s strategy and mapping it to a market environment and performance driver. He provides analysis of managed futures investment performance and commentary regarding related managed futures market environment. A portfolio and industry consultant, he was an adjunct instructor in managed futures at Northwestern University / Chicago and has written or edited three books, including High Performance Managed Futures (Wiley 2010) and The Chicago Board of Trade’s Handbook of Futures and Options (McGraw-Hill 2008). Mark was director of the managed futures division at Alaron Trading until they were acquired by Peregrine Financial Group in 2009, where he was a registered associated person (National Futures Association NFA ID#: 0348336). Mark has also worked as a Commodity Trading Advisor himself, trading a short volatility options portfolio across the yield curve, and was an independent consultant to various broker dealers and futures exchanges, including OneChicago, the single stock futures exchange, and the Chicago Board of Trade. He is also Editor, Opalesque Futures Intelligence and Editor, Opalesque Futures Strategies. - Contact: Mmelin(at)

No posts to display