Target failed to act on security warnings

Target (NYSE: TGT) confirmed it failed to act on early warnings of malicious activity during its massive data breach.

"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement.

The early warnings came from Target's own $1.6 million security system called FireEye, which was created by the CIA, reports TIME. FireEye allegedly sent alerts to Target but the notifications went without any response. The experts said that they believed it was likely that Target's security team received hundreds of such alerts on a daily basis. If Target's security team had taken action after the earliest FireEye alerts, it could have thwarted the cyber attack.

According to Target, however, these alerts didn't go unnoticed and after an internal investigation, they were dismissed as inconsequential.

"Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon," Snyder said. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up."

Target initially said it was unaware of the breach until mid-December, when the company closed a loophole in its network and notified law enforcement and financial institutions. The breach affected customers who shopped at Target from Nov. 27 until Dec. 18 when hackers gained access to 40 million credit and debit card accounts.

It could be the largest security breach at a retailer to date and the fallout continues. CIO Beth Jacob resigned March 5, and the company is looking for an interim CIO and a chief information security officer (CISO), a position that will realign oversight of critical IT security functions. Target is looking outside the company for the CISO and a chief compliance officer.

Target is also struggling to regain shopper trust and make up for lost ground, sales-wise. Last month, Target reported a 46 percent decline in its fourth-quarter profit, as costs related to the breach weighed on the retailer's earnings. Target was hit with $61 million in quarterly expenses from the breach.

For more:
-See this TIME article
-See this BBC News article
-See this Reuters article

Related stories:
Target: Timeline of a data breach
Target's data breach is a story with long legs
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them