A Minnesota judge has ordered to unseal a 55-page documentalleging that in the months leading up to Target's massive databreach in late 2013, the retailer repeatedly missed warnings aboutmalware intrusions, kept unencrypted payment card information onits servers and postponed taking action on breach alerts in orderto avoid interrupting Cyber Monday.

In it are allegations that the retailer made three decisionsthat allowed the breach, which compromised tens of millions of credit and debit cards, to occur andgreatly increased its severity. First, it claimed, in October 2013,Target disabled and removed key security features by Symantec, ananti-virus provider, and kept them disabled and removed until afterBlack Friday. Second, Target installed a FireEye cybersecurityapplication but didn't implement its malware prevention features,the document alleged. Third, the retailer allegedly didn't fullyintegrate the application into its alert generating system, causinga Dec. 2, 2013, alert about malware associated with the breach togo unheeded, the document alleged.

Continue Reading for Free

Register and gain access to:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts.
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders.
  • Educational webcasts, white papers, and ebooks from industry thought leaders.
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.