security,  target

Target Had Warning of Security Risks

A new article by The Wall Street Journal says that officials at Target were made aware of the potential security risks that lead to the November 27 – December 18 attack last year.

“Target Corp.’s computer security staff raised concerns about vulnerabilities in the retailer’s payment card system at least two months before hackers stole 40 million credit and debit card numbers from its servers, people familiar with the matter said.”

In Target’s defense, the Journal also reports:

“The sheer volume of warnings that retailers receive makes it hard to know which to take seriously. Target has an extensive cybersecurity intelligence team, which sees numerous threats each week and could prioritize only so many issues at its monthly steering committee meetings, the former employee said.”

As an IT professional, I find a report like this to be disappointing.  It’s a constant battle between setting business objectives and setting priorities and “good house keeping” such as installing infrastructure and security upgrades and patches.  Sometimes those priorities get muddy.
As a Target customer who had their personal data stolen in the breach, I’m more than annoyed to learn that the situation was preventable.  It is also my opinion that most of these types of breaches are preventable with frequent software updates.
I think security breaches, both large and small, along with the ever growing data stockpile that companies are amassing about their customers is a growing concern for customers and IT departments alike.  We all know that our online habits are being tracked and that companies are collecting an amazing amount of personal data about who we are so that this information can be used to either make more money from you with targeted advertising or by selling the collected information to third-parties.
While I don’t think that personal data collection will go away anytime soon, if ever, I would hope that as a society, we put new laws and limits on what businesses and clearing houses can do with the data they collect about us.
Click the source link below to read the full article online (login required).