Target data breach timeline
- March 26, 2014 - 8:52 PM
Target installs $1.6 million malware detection tool from FireEye Inc.
• Target is certified compliant with payment card industry security standards.
• Attackers steal network credentials of one of Target’s contractors, which are later used to gain access to Target’s network.
Nov. 12: First breach of Target’s network; thieves gain access to information on millions of debit and credit cards of Target customers.
• Attackers fully install point-of-sale malware in Target’s network.
• Symantec software identifies malicious activity in Target’s network.
• Attackers install malware to allow them to export their stolen data.
• Target’s FireEye malware detection software sends out alerts.
Dec. 2: Attackers install updated malware that can export stolen data.
Dec. 2: Target’s FireEye malware detection software again sends out alerts.
Dec. 12: Target is alerted by the U.S. Justice Department of suspicious activity involving payment cards in its system.
Dec. 13: Target meets with the Justice Department and Secret Service.
Dec. 14: Target hires an independent team of experts to lead a forensic investigation.
Dec. 15: Target confirms breach and removes malware from most registers in U.S. stores.
Dec. 16: The company begins notifying payment processors and card networks.
Dec. 18: Target discovers and removes malware on 25 additional registers.
Dec. 18: Computer security blogger Brian Krebs posts a story saying Target is confronting a security breach.
Dec. 19: Target confirms that credit and debit card information of 40 million customers had been exposed.
Jan 10: Target announces that personal information of up to 70 million customers also was exposed.
Jan. 13: CEO Gregg Steinhafel apologizes to customers for the data breach in a televised interview with CNBC.
Feb. 4: Target CFO John Mulligan briefs the Senate Judiciary Committee on the data breach.
Feb. 5: Mulligan testifies before a House subcommittee.
Feb. 7: Fazio Mechanical Services, a Pennsylvania-based heating and air conditioning contractor hired by Target, is identified as the conduit through which cyberthieves breached Target’s payment system.
Feb. 26: Target reports 2013 financial results, including $61 million spent in the fourth quarter on costs related to the cybertheft.
March 5: Target announces the resignation of Beth Jacob as senior vice president and chief information officer.
March 13: Bloomberg Businessweek publishes an article that says Target IT security missed warning signs from its malware detection software.
March 26: Target CFO John Mulligan again testifies on Capitol Hill, this time to answer allegations that the company missed opportunities to stop the cyberthieves.
Sources: Senate Committee on Commerce, Science, and Transportation; Bloomberg Businessweek; Brian Krebs; Target Corp., Star Tribune
© 2014 Star Tribune