|Target received several warnings that its payment system had been compromised and missed multiple opportunities to prevent the theft of its customers’ credit and debit card information on Dec. 19, 2013, the U.S. Senate Committee on Commerce, Science, & Transportation wrote in a report released Tuesday.
Initially Target reported that 40 million customers’ credit card data was stolen; according to the report, the breach could have affected as many as 110 million Target customers.
With a case to be made that Target could have prevented the theft of this credit card information, dozens of law suits are being leveled at the retail chain, several of which were filed by banks and credit unions.
First Choice Federal Credit Union filed a suit against Target last week; Trustmark National Bank and Green Bank NA filed a complaint in Chicago federal court on Monday against Target and its security firm Trustwave Holding Inc, according to Reuters.
Target Received Warnings About Malware and Failed to Take Action
Though Target has not yet completed its full investigation into the circumstances that led to the attack, the senate report says it appears that “Target missed a number of opportunities along the kill chain to stop the attackers and prevent the massive data breach.”
Originally, a third-party vendor’s “weak security allowed the attackers to gain a foothold in Target’s network,” according to the report. Target then received multiple “automated warnings” from the company’s security software that would have alerted the company to the initial intrusion, ongoing access from the attacker and “escape routes” the hacker set up to extract the stolen credit card data. However, Target apparently failed to respond to them.
The report says that, from what is known so far, Target also did not “properly isolate its most sensitive network assets” — the part of its system that stored consumer data.
Financial Institutions Suing Target for Losses
The financial institutions suing Target say they have taken a big hit over the data breach, with losses coming from the cost of making customers aware of the breach, reissuing debit and credit cards, and covering fraudulent charges, according to Reuters.
The complaint filed by Green Bank and Trustmark seeks at least $5 million, and First Choice Federal Credit Union is seeking the same amount. However, both suits are hoping for class-action status, which would likely result in a much greater payout from Target and security firm Trustwave. Overall the breach is estimated to cost banks and retailers up to $18 billion, reports Reuters.