Target Corp's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the U.S. retailer said on Thursday.
"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement earlier this week.
The news comes after Bloomberg Businessweek reported that Target's security team in Bangalore received alerts from a FireEye Inc security system back on November 30 after the attack was launched.
Alerts were then sent to Target headquarters in Minneapolis.
FireEye's reports showed that malicious software had appeared in the system, according to a person whom Bloomberg Businessweek had discussed with on Target's investigation.
The person but was not authorized to speak publicly on the subject however.
The alert labeled the threat with the name "malware.binary," according to the Bloomberg Businessweek report.
Two security experts who advise organizations in responding to cyber attacks, and have experience with FireEye technology said that Target's security team receives hundreds of such alerts every day, which would have made it difficult to single out that particular threat from being malicious.
"They are bombarded with alerts. They get so many that they just don't respond to everything," said Shane Shook, an executive with Cylance Inc. "It is completely understandable how this happened."
John Strand, owner of Black Hills Information Security, said it's easy to call Target incompetent, when considering the damage the breach caused, but that it was not fair to do so.
"Target is a huge organization. They probably get hundreds of these alerts a day," Strand said, according to Reuters. "We can always look for someone to blame. Sometimes it just doesn't work that way."
Target Chief Financial Officer John Mulligan said to a congressional committee last month that the company only started investigating the breach on December 12, when the U.S. Justice Department warned the company about suspicious activity.
Around three days later, almost all of the malicious software had been removed from the company's cash registers, according to Reuters.
Almost 40 million payment card records were stolen from the retailer, along with 70 million other records with its customer information.
"Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon," Snyder said. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up."
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?
