How Target Could Have Prevented Customer Data Hack


March 13 (Bloomberg) -- Bloomberg Businessweek Editor Josh Tyrangiel discusses this week’s cover story on how the customer data breach at Target stores happened, and what could have prevented it, on Bloomberg Television’s “In The Loop.”

It took between the hack and when Target made a statement.

We know why they were asleep at the wheel?

That is the mystery.

Unlike many retailers that do not have sophisticated malware detection systems, Target spent $1.6 million for FireEye.

The systems are used by militaries around the world.

Target did the right thing at first.

They had this in place a year ago.

They employ a group of people who monitor the system and they pained -- they pinged Minneapolis the moment they see anything suspicious.

FireEye spots it and we asked Target to respond specifically to the question -- what happened?

We got back a statement -- they did not respond directly.

The key question is why did it go unresponded to.

There's a second layer here.

FireEye has a setting to eradicate any malware it detects.

For some reason, Target had turned off that setting.

Is that unusual?

There are people that use FireEye.

They want the decision of eradicating malware in the hands of people.

There were two opportunities to stop it.

We found no one who said this was any sort of cover-up.

It is just gross incompetence.

What I found fascinating is that what your reporters uncovered as this is a run-of-the-mill operation.

This is not a special type of cyber attack on a company.

This is a normal hack.

The hackers inserted a bit of malware, bad software, at the cash register.

As soon as you swipe, they get your data, it goes through, but they get your data and they send it off to a storage server where they hold onto it and eventually exported to savor servers for them.

This goes on all the time.

The hacker in this instance, and we know a lot more about the possible identity of the hacker.

They made a ton of mistakes.

They left clues to identity behind.

There is somebody -- the identity of the person is difficult for our reporters to pin down.

There are clues to the identity in the hack itself.

A lot of the people that we spoke to said this is not a high-level hack.

Most likely, it was carried off by a group.

It is very unusual for a sophisticated hacker to leave behind clues to their identity, particularly when you're talking about the biggest retail hack in history.

I want to pull up the statement that Target provided.

They did not address the question of why were they asleep at the wheel.

What does all this mean?

Profits were down 46% in the holiday shopping period.

Customers are attuned to the companies that will take care of their data.

There are consequences for companies that cannot protect personal data and you see that.

46% during the holiday shopping period is a huge deal.

History is pretty long.

People have been exchanging cash for goods for 10,000 years.

Somewhere in the first 20 years it was a bit of a mess.

We need to recall that we are still quite new to all the ways in which we can obtain goods through electronic data.

You expect that we are going to learn from these things.

The tragedy is that Target was prepared.

They were prepared.

It sounds like they were more prepared than other retailers.

The retailing industry is not very good at protecting itself from cyber attacks.

Only about six percent of retailers are able to detect their own hacks.

The reason is, if you are a big bank, if you are a credit card agency and you are storing sensitive information, you have to invest massive amounts of money and storing and for taking that data.

Using about all of the entry points -- all of the data flowing through -- it is a ton of stuff to protect.

It is amazing how lax consumers are about their data.

You don't realize that you do not have to give it to them.

We are leaving trails everywhere.

You are leaving user ideas and -- IDs and passwords.

There are bits of your personal identification and access points all across the web.

The key thing is to get rid of them.

Has Target learned their lesson?

They have nearly 100 lawsuits to protect themselves from.

There will be a limit to what they can respond to.

We asked them to participate in the story and they declined.

It is hard to have an insight into what they have learned how far they're going to go to secure their systems in the future.

The new issue of Bloomberg Businessweek is on stands on Friday.

Read it.

You can read it online at businessweek.com.

Check it out on the go.

Download the app for free on your iPad.

We will be back in two minutes.


This text has been automatically generated. It may not be 100% accurate.
