Target Corp. last spring installed a sophisticated new system to detect intrusions to its data system but did nothing when the system sent out numerous warnings of the November cyberattack that led to the exposure of financial and personal information of tens of millions of customers, Bloomberg Businessweek reported Thursday.
The story, citing more than a dozen people who worked with Target and its technology vendors, says the Minneapolis-based retailer spent $1.6 million on a tool to detect so-called “malware” software from a company that also supplies such products to the CIA and Pentagon. The tool detected the intrusions as they started in late November and sent off multiple warnings.
The warnings weren’t acted on, however, the sources told the magazine. No reason is given, though several are suggested, including the possibility that there was still some skepticism about the tool among Target’s information technology staff.
The article says that some older data protection tools were also giving warnings of the attack.
Target declined to answer specific questions posed by the magazine. In a statement to the magazine, the company said it continues to investigate the breach. “As the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of full analysis,” the statement said.
Earlier this month, Target’s chief information officer resigned as the retail giant overhauls its information security operations.
Target shares were down about a half-percent in morning trading on the New York Stock Exchange.