Target says it didn't act on early signs of data breach

NEW YORK - Target Corp. has acknowledged that its security software picked up on suspicious activity after a massive cyberattack was launched, but that it decided not to take immediate action.

The acknowledgment comes after Bloomberg Newsweek reported Thursday that Target's security team in Bangalore, India, received security alerts on Nov. 30 that indicated malicious software had appeared in its network. It then flagged the security team at the home office in Minneapolis.

"Like any large company, each week at Target there are a vast number of technical events that take place and are logged," said spokeswoman Molly Snyder in a statement. "Through our investigation, we learned after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow-up."

She added, "With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different."

The nation's second-largest discounter continues to grapple with the fallout of its massive breach since it revealed in mid-December that hackers stole credit card numbers and personal data of millions of its customers. Target announced last week that its chief information officer, Beth Jacob, had resigned, and that it was searching for an interim CIO. It also said it was working to overhaul some of its divisions that handle security and technology.

Target's sales, profit and stock prices have dropped in the wake of the massive breach. The retailer reported late last month that its fourth-quarter profit fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers.

Target disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers also stole personal information - including names, phone numbers, and e-mail and mailing addresses - from as many as 70 million customers.