Following the footsteps of Targets CIO who stepped down in March, Gregg Steinhafel has also announced his plans to step down as CEO.
Why is this, you may ask? Steinhafel states that he feels “personally accountable” for the security breach that occurred last year and feels that he is behind the retail stores lax security. This revelation was made after having some rather “extensive discussions” with the board of directors. Sounds like it was totally Steinhafel’s decision.
My first thought? Well, that took long enough.
What went wrong?
I know, I know. It’s been hashed an rehashed a million times. But while the actual hack wasn’t really that inventive, the hackers were able to pull off what is now on of the biggest hacks in U.S. history. And Target? They took their sweet time alerting consumers of the scope of the damage.
- Malware was installed into Target’s (TGT) security and payments system
- In the days leading up to Thanksgiving malware was placed in the security and payment. This malware was created to steal every single credit card that was used in each and every one of the 1,797 U.S. stores.
- As cards were swiped, malware took over
- The hackers created staging points all over the U.S. in order to cover tracks and get the information to their computers which were in Russia. They were spotted by FireEye. From there Bangalore was notified and they sent an alert to Minneapolis.
What happened next?
Minneapolis didn’t react. When over 10 former Target employees that were familiar with Targets security in addition to another 8 who had knowledge of the hack were asked what went down they went with an alert system that Target had that is set to protect customer to retailer bond and that this system flowed perfectly.
Why it’s actually a BFD.
So why did Target stand by and let 40 million credit card numbers in addition to 70 million addresses, phone numbers and other personal information be released from mainframes? While Target claims to have been so safe and have top security and malware protection, system and human error allowed for unsophisticated malware to access millions of shopper’s credit card and personal information.
Unfortunately for Target, pretending something isn’t a thing doesn’t make it go away. As technology grows, so do the number of hackers at the ready to steal personal information. Let’s see if this massive security breach will bring about embedded chips, now used more commonly in Europe, will better protect data than the current magnetic strips that are used in credit cards.
The moral of the story is this: Don’t be lazy or greedy or cheap. This happened because financial institutions and retailers didn’t take all of the necessary steps to truly secure our data. (Don’t follow their example: read THIS post.)
The chips have been around for a while now, and Target likely knew of its weaknesses. So, excuse me while I don’t feel too sorry for Mr. Steinhafel. I can’t believe it took him this long to “resign.” Now, stocks are down and cue the violins.
So tell me, did the data breach impact your shopping habits?