Businessweek: ‘How Target Blew It’

Epic, feature-length cover story for Businessweek:

In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

It occurs to me that a similar breach is surely one of the biggest risks facing Apple today. Nobody has been trusted with more credit card numbers than Apple, and there’s no company whose shortcomings garner more press attention.

Thursday, 13 March 2014