Senate Report Blames Target for Not Preventing, Stopping Data Breach

Target reportedly failed to isolate sensitive data, while also ignoring warnings from its anti-intrusion software.

Target's holiday security breach may seem like old news — customers whose cards were compromised have long since had to deal with reversing fraudulent charges and getting their cards reissued. But the loss of so much consumer data means that the investigation into just what happened is ongoing. A report out this week from the U.S. Senate is further bad news for the retailer, suggesting that Target ignored warnings that might have prevented the attack.

The report for the Senate Committee on Commerce, Science, and Transportation, titled "A 'Kill Chain' Analysis of the 2013 Target Data Breach," looks into the steps hackers took to get into Target's network — the so-called "kill chain" — and highlights points at which the hackers might have been stopped. According to the report, Target made several mistakes which, if prevented, could have protected shoppers' data:

  • A third-party vendor without strong security practices had access to Target's network, allowing attackers a way in.

  • Target failed to isolate sensitive data, which allowed hackers to gain access to this data after they had access to other, less sensitive parts of Target's network.

  • Target ignored warnings from its anti-intrusion software suggesting malware was being installed on their system, as well as additional warnings about how the hackers were extracting data from their network.

The report goes into a lot of detail on just what Target might have done to keep its data safe; solving any one of these problems could have stopped the hackers in their tracks and kept customer data secure.

But government investigation isn't the only thing Target has to worry about — lawsuits from both consumers and banks aim to shake down the company for losses incurred due to the data breach. Only time will tell whether these lawsuits get any traction, but they do leave Target fighting an uphill battle to extract itself from the fallout of the breach.

Still, a bigger problem than both government officials and corporate lawyers may be public opinion, which can be devastated by this sort of security problem. Target's earnings have been down, with a 5.5% drop in the number of transactions for the quarter ending on February 1, after the data breach was announced. And with more bad news continuing to roll in, it's possible that the situation may still get worse for Target.

But hopefully, this case is the beginning of things getting better for consumers — with both Target and other companies ramping up their security efforts to prevent such breaches in the future.

Have security concerns driven you away from Target or other retailers? Let us know in the comments!

Elizabeth Harper
Contributing Writer

Originally working in IT, Elizabeth now writes on tech, gaming, and general consumer issues. Her articles have appeared in USA Today, Time, AOL, PriceGrabber, and more. She has been one of DealNews' most regular contributors since 2013, researching everything from vacuums to renters insurance to help consumers.
DealNews may be compensated by companies mentioned in this article. Please note that, although prices sometimes fluctuate or expire unexpectedly, all products and deals mentioned in this feature were available at the lowest total price we could find at the time of publication (unless otherwise specified).


Leave a comment!

or Register
Maybe it's time to start carrying cash again?

You must be joking--perhaps not a well thought out
solution with the streets full of thieves and thugs!

Why should consumers suffer the inability to
use credit because a large corporation is unable
to secure it's customers data?
Maybe it's time to start carrying cash again?