Target was prepared for its massive hack in November and knew of it early on, but did nothing to stop it, according to a report.
A Bloomberg Businessweek claims that, months prior to the attack, the retailer installed a $1.6 million malware detection tool from FireEye. Target also had a group of security specialists in Bangalore monitor the system at all hours. On Nov. 30, the Bangalore team got an alert and notified Target's security team in its Minneapolis headquarters. For some reason, however, that team did nothing about an attack that would eventually compromise up to 40 million customers' credit card data. (Target later revealed that personal information like email addresses and phone numbers had been compromised for 70 million customers, meaning a total of 110 million people may have been affected.)
See also: How to Check If Hackers Stole Your Data in Massive Target Breach
The report, which is based on a two-month investigation, contradicts Target's statements about the incident until now. In a Congressional testimony, the company claims that it only learned of the attack in mid-December, after the U.S. Department of Justice caught it and contacted Target. However, Businessweek cites computer logs that show there were FireEye alerts from Nov. 30 and then Dec. 2, when a second attack occurred. The article doesn't outline what specifically went wrong with Target's 300-person security team, except to characterize the inaction as a series of "blunders." FireEye has an option to automatically delete malware when it's detected, but Target's security team disabled that feature, according to the report.
Target's President and CEO Gregg Steinhafel issued a statement about the report, saying the company is in the midst of a company-wide probe to determine what happened. Target's CIO during the hack, Beth Jacob, resigned earlier this month.
Meanwhile, the report also speculates that the perpetrator of the hack may be Andrey Khodyrevskiy, a 22 year-old Ukrainian hacker who goes by the name Rescator. Khodyrevskiy in Odessa, which is described as a haven for "carders," a.k.a. dealers in stolen credit card info. However, Businessweek cautions that "there’s no definitive proof that Rescator and Khodyrevskiy are the same person."