Executives of Target Corp. (Minneapolis) are scheduled to testify today before the U.S. Senate Committee on Commerce, Science and Transportation about the data breach last December that affected millions of customers, whether it had clues about the attack weeks before responding and why it took so long to react.
According to Bloomberg News, some of the activities of the intruders were detected and evaluated by security professionals shortly after the original Nov. 12, 2013, hacking, a month before the retailer was alerted to suspicious activity by the U.S. Justice Department. That led to an internal investigation that confirmed a breach on Dec. 15, 2013.
“We are asking hard questions about whether we could have taken different actions before the breach was discovered,” said Target cfo John Mulligan. “In particular, we are focused on what information we had that could have alerted us to the breach earlier; whether we had the right personnel in the right positions; and ensuring that decisions related to operational and security matters were sound.”
The Senate committee found that Target appears to have missed opportunities “to stop the attackers and prevent the massive data breach.”
“We are still investigating how the intruders were able to move through the system using higher-level credentials to ultimately place malware on Target’s point-of-sale registers,” Mulligan said. “The malware appears to have been designed to capture payment card data from the magnetic strip of credit and debit cards prior to encryption within our system.”
Target is still searching for a new chief information officer to replace Beth Jacob, who resigned in March after nearly six years in the position. The new executive is expected to help revamp Target’s information-security and compliance operations.