Target's holiday security breach may seem like old news — customers whose cards were compromised have long since had to deal with reversing fraudulent charges and getting their cards reissued. But the loss of so much consumer data means that the investigation into just what happened is ongoing. A report out this week from the U.S. Senate is further bad news for the retailer, suggesting that Target ignored warnings that might have prevented the attack.
The report for the Senate Committee on Commerce, Science, and Transportation, titled "A 'Kill Chain' Analysis of the 2013 Target Data Breach," looks into the steps hackers took to get into Target's network — the so-called "kill chain" — and highlights points at which the hackers might have been stopped. According to the report, Target made several mistakes which, if prevented, could have protected shoppers' data:
- A third-party vendor without strong security practices had access to Target's network, allowing attackers a way in.
- Target failed to isolate sensitive data, which allowed hackers to gain access to this data after they had access to other, less sensitive parts of Target's network.
- Target ignored warnings from its anti-intrusion software suggesting malware was being installed on their system, as well as additional warnings about how the hackers were extracting data from their network.
The report goes into a lot of detail on just what Target might have done to keep its data safe; solving any one of these problems could have stopped the hackers in their tracks and kept customer data secure.
But government investigation isn't the only thing Target has to worry about — lawsuits from both consumers and banks aim to shake down the company for losses incurred due to the data breach. Only time will tell whether these lawsuits get any traction, but they do leave Target fighting an uphill battle to extract itself from the fallout of the breach.
Still, a bigger problem than both government officials and corporate lawyers may be public opinion, which can be devastated by this sort of security problem. Target's earnings have been down, with a 5.5% drop in the number of transactions for the quarter ending on February 1, after the data breach was announced. And with more bad news continuing to roll in, it's possible that the situation may still get worse for Target.
But hopefully, this case is the beginning of things getting better for consumers — with both Target and other companies ramping up their security efforts to prevent such breaches in the future.
Have security concerns driven you away from Target or other retailers? Let us know in the comments!