Target has apologized profusely for the data breach that has resulted in the compromise of personal and credit card/debit card data from over 40 million Target shoppers. Anyone who shopped at Target from Thanksgiving to December 15th and paid with a credit or debit card fell victim to the heist.
Target has done everything a big retailer can and should do after such a large breach in security. However, what’s outraging customers now are reports that Target may have ignored warnings from its own in-house security analysts that could have led to the prevention of this breach.
According to Business Insider reporting on a story broken late last week by the Wall Street Journal, that’s exactly what happened.
“At least one analyst at the Minneapolis-based retailer wanted to do a more thorough security review of its payment system, a request that at least initially was brushed off, the people said. The move followed memos distributed last spring and summer by the federal government and private research firms on the emergence of new types of malicious computer code targeting payment terminals, a former employee said,” The Wall Street Journal reported.
It’s unclear whether the warnings went completely ignored; however, if the analysts and reports are correct, Target could have prevented the heist had it fully acted on the information.
It was widely reported and then confirmed that hackers gained access to Target’s internal systems using credentials from an HVAC company. Krebs on Security founder and security expert Brian Krebs was the first to announce the heist at Target. He’s also been investigating the story since he originally broke it.
The latest revelations show that Target has posted a tremendous amount of information about its vendors, including which vendors it uses and how vendors can submit bids for jobs.
“A simple Google search turns up Target’s Supplier Portal, which includes a wealth of information for new and existing vendors and suppliers about how to interact with the company, submit invoices, etc. That page leads to a separate page of information on Target Facilities Management, which includes a slew of instructions on submitting work orders. That page also includes a link to another set of resources: A Supplier Downloads page that, oddly enough, is little more than a long list of resources for HVAC & refrigeration companies,” Krebs wrote.
Target is reportedly revamping all of the systems that were penetrated during the attack, and, of course, its payment terminal system, which was how the hackers obtained all the information from Target customers.