Target Corp., testifying before Congress on Wednesday about a data breach that affected millions of customers, told lawmakers it had clues about the attack weeks before responding and is exploring why it took so long to react.
Sometime after intruders entered Target’s systems on Nov. 12, their activities were detected and evaluated by security professionals, according to remarks Chief Financial Officer John Mulligan submitted to a U.S. Senate panel. The company was later alerted to suspicious activity by the U.S. Justice Department, leading to an internal investigation that confirmed a breach on Dec. 15.
“We are asking hard questions about whether we could have taken different actions before the breach was discovered that would’ve resulted in different outcomes,” Mulligan told the panel. “In particular, we are focused on what information we had that could have alerted us to the breach earlier; whether we had the right personnel in the right positions; and ensuring that decisions related to operational and security matters were sound.”
The testimony follows a report that Target ignored warnings from its hacker-detection tools, leading to a breach that compromised 40 million credit card numbers — along with 70 million addresses, phone numbers and other pieces of personal information.
Several senators on the panel criticized Target’s management for not reacting sooner to warnings from sophisticated anti-hacking systems.