clock menu more-arrow no yes mobile

Filed under:

Target's cybersecurity team raised concerns months before hack

New, 22 comments
Target shopping carts
Target shopping carts

Target's security staff may have been aware of vulnerabilities in the retailer's systems months before a massive breach compromised data on millions of shoppers. The Wall Street Journal reports that at least one internal analyst had called for a thorough review of the defenses around Target's payment terminals, which were later infiltrated during the sophisticated attack. That request was initially "brushed off" according to the Journal. It's unclear if a review was eventually granted before hackers made off with 40 million debit and credit card numbers — and a wealth of other customer information. The specific nature of those concerns are also unknown, the Journal says, so any vulnerabilities exploited by the hackers may have still been in place even after the requested review.

Target maintains an "extensive" cybersecurity intelligence team, according to a former employee who spoke with the Journal. US retailers reportedly deal with many threats each week, and their security teams face the difficult task of prioritizing some of those threats over others. Earlier this month, it was revealed that the Target hackers managed to sneak their way into the company's systems by stealing credentials from a contractor. From there, they planted malicious code targeting the retailer's payment terminals. In the wake of the attack, some Target customers have been hit with fraudulent charges, forcing banks to replace millions of credit and debit cards. An investigation to find those responsible remains ongoing. Be sure to keep up with our StoryStream to get all the latest on the Target situation.