Epic, feature-length cover story for Businessweek:
In testimony before Congress, Target has said that it was only
after the U.S. Department of Justice notified the retailer about
the breach in mid-December that company investigators went back to
figure out what happened. What it hasn’t publicly revealed: Poring
over computer logs, Target found FireEye’s alerts from Nov. 30 and
more from Dec. 2, when hackers installed yet another version of
the malware. Not only should those alarms have been impossible to
miss, they went off early enough that the hackers hadn’t begun
transmitting the stolen card data out of Target’s network. Had the
company’s security team responded when it was supposed to, the
theft that has since engulfed Target, touched as many as one in
three American consumers, and led to an international manhunt for
the hackers never would have happened at all.
It occurs to me that a similar breach is surely one of the biggest risks facing Apple today. Nobody has been trusted with more credit card numbers than Apple, and there’s no company whose shortcomings garner more press attention.
★ Thursday, 13 March 2014