If you’ve ever used a credit card at Target — or, really, anywhere else — Businessweek’s long story on the Target data breach, by Michael Riley, Ben Elgin, Dune Lawrence and Carol Matlack, makes for chilling but rewarding reading.
Based in part on interviews with former Target employees, it says that the malware the attackers used to hack the retail chain’s point-of-sale system wasn’t all that sophisticated — and that the company’s security software detected something was amiss, and could have been set to block the attack without human intervention. But Target opted to turn off this option, and the humans in charge of protecting data didn’t intervene. (The fact that a key employee had recently left and hadn’t been replaced may not have helped.)
A few details about the heist:
Businessweek’s piece also delves into the likely suspects behind the breach and why stealing credit-card information and other personal data is such a rewarding business to be in. I hope this doesn’t end up being the definitive article on all this — there’s still a lot we don’t know, and Target itself isn’t really talking — but it’s a remarkable piece of reporting nonetheless.