Target Exec Offers Detailed Timeline on Massive Payment Card Breach

Executives from Target and Neiman Marcus testified before the Senate Judiciary Committee Tuesday, detailing their responses to recent, massive data breaches.
Most notable was the timeline provided by Target Executive Vice President and Chief Financial Officer John Mulligan, covering the events that transpired in December after the retailer was informed by the Justice Department of suspicious activity tied to payment card usage at Target stores.
The theft of the payment card data affected consumers who shopped at U.S. Target stores from November 27 through December 18. The tally: the credit card and debit card data of 40 million customers and certain personal data of up to 70 million guests were stolen in the historic breach, the biggest of its type ever.
“We now know that the intruder stole a vendor’s credentials to access our system and place malware on our point-of-sale registers,” Mulligan said in his prepared testimony. “The malware was designed to capture payment card data from the magnetic strip of credit and debit cards prior to encryption within our system.”
Here is Mulligan’s timeline:
December 12
We were notified by the Justice Department of suspicious activity involving payment cards used at Target stores. We immediately started our internal investigation.
December 13
We met with the Justice Department and the Secret Service.
December 14
We hired an independent team of experts to lead a thorough forensic investigation.
December 15
We confirmed that criminals had infiltrated our system, had installed malware on our point-of-sale network and had potentially stolen guest payment card data. That same day, we removed the malware from virtually all registers in our U.S. stores.
December 16-17
We began notifying the payment processors and card networks, preparing to publicly notify our guests and equipping our call centers and stores with the necessary information and resources to address the concerns of our guests.
December 18
We disabled malware on about 25 additional registers which were disconnected from our system when we completed the initial malware removal on December 15. As a result, we determined that fewer than 150 additional guest accounts were affected.
December 19
Our actions leading up to our public announcement on December 19 – and since – have been guided by the principle of serving our guests, and we have been moving as quickly as possible to share accurate and actionable information with the public.
When we announced the intrusion on December 19 we used multiple forms of communication, including a mass-scale public announcement, email, prominent notices on our website, and social media channels.
