Target data breach timeline

SUMMER 2013

Target installs $1.6 million malware detection tool from FireEye Inc.

September

• Target is certified compliant with payment card industry security standards.

• Attackers steal network credentials of one of Target's contractors, which are later used to gain access to Target's network.

November

Nov. 12: First breach of Target's network; thieves gain access to information on millions of debit and credit cards of Target customers.

Nov. 15-28

• Attackers fully install point-of-sale malware in Target's network.

• Symantec software identifies malicious activity in Target's network.

• Attackers install malware to allow them to export their stolen data.

• Target's FireEye malware detection software sends out alerts.

December

Dec. 2: Attackers install updated malware that can export stolen data.

Dec. 2: Target's FireEye malware detection software again sends out alerts.

Dec. 12: Target is alerted by the U.S. Justice Department of suspicious activity involving payment cards in its system.

Dec. 13: Target meets with the Justice Department and Secret Service.

Dec. 14: Target hires an independent team of experts to lead a forensic investigation.

Dec. 15: Target confirms breach and removes malware from most registers in U.S. stores.

Dec. 16: The company begins notifying payment processors and card networks.

Dec. 18: Target discovers and removes malware on 25 additional registers.

Dec. 18: Computer security blogger Brian Krebs posts a story saying Target is confronting a security breach.

Dec. 19: Target confirms that credit and debit card information of 40 million customers had been exposed.

January

Jan 10: Target announces that personal information of up to 70 million customers also was exposed.

Jan. 13: CEO Gregg Steinhafel apologizes to customers for the data breach in a televised interview with CNBC.

February

Feb. 4: Target CFO John Mulligan briefs the Senate Judiciary Committee on the data breach.

Feb. 5: Mulligan testifies before a House subcommittee.

Feb. 7: Fazio Mechanical Services, a Pennsylvania-based heating and air conditioning contractor hired by Target, is identified as the conduit through which cyberthieves breached Target's payment system.

Feb. 26: Target reports 2013 financial results, including $61 million spent in the fourth quarter on costs related to the cybertheft.

March

March 5: Target announces the resignation of Beth Jacob as senior vice president and chief information officer.

March 13: Bloomberg Businessweek publishes an article that says Target IT security missed warning signs from its malware detection software.

March 26: Target CFO John Mulligan again testifies on Capitol Hill, this time to answer allegations that the company missed opportunities to stop the cyberthieves.

Sources: Senate Committee on Commerce, Science, and Transportation; Bloomberg Businessweek; Brian Krebs; Target Corp., Star Tribune

StarTribune

Target data breach timeline

Tesla recalling nearly 4,000 Cybertrucks because accelerator pedal can get stuck

Here's how Phish is using the Sphere's technology to give fans something completely different

Stock market today: Tumbling tech stocks drag Wall Street to the finish line of another losing week

Buffalo Bills owner Terry Pegula explores selling non-controlling, minority stake in franchise

How major US stock indexes fared Friday, 4/19/2024