Target admits that malware was used on point-of-sale terminals during hack


In an interview with CNBC, Target’s CEO Gregg Steinhafel, confirmed that their point-of-sale terminals had been infected with malware and this was used to steal credit and debit card information from millions of people during recent hack.

It was also learned in the interview that the malware attack, which took place last month and led to the payment information of as many as 110 million customers, actually took place on December 15, four days before Target revealed it to the public.

“Sunday [December 15] was really Day 1. That was the day we confirmed we had an issue and so our number one priority was … making our environment safe and secure,” Steinhafel said during the CNBC interview. “By six o’clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk.”

He went onto explains why the four day delay was “necessary” for security reasons. “Day 2 was really about initiating the investigation work and the forensic work … that has been ongoing. Day 3 was about preparation. We wanted to make sure our stores and our call centers could be as prepared as possible, and Day 4 was about notification,” he said in the interview.

Because, of course time, is never a factor when it comes to credit card theft, and the people’s who information that had been stolen wouldn’t have wanted to know right away, and maybe, say cancel that credit card.

[via Cnet, CNBC, image via j.reed’s flickr]

Related Posts


Leave a Reply

Your email address will not be published. Required fields are marked *


  1. Ashraf
    Mr. Boss

    [@Mike S.] I don’t know. How hard is it to issue a public statement letting everyone know financial information may have been stolen? It surely doesn’t take four days, especially when they KNEW (not suspected) there was malware infection.

    I realize Target was busy cleaning up the mess, but was the PR person really hacking it away removing the malware… or were they thinking of a way to spin the news for the least damage possible? I’m betting on the latter.