Target's cybersecurity staff urged the retailer to review the security of its payments system at least two months before hackers compromised its network, according to a report in the Wall Street Journal.
At least one Target intelligence analyst recommended that the store conduct an in-depth review of its payment systems' vulnerability to malware, a former employee told the Journal. But Target initially postponed the review, leaving it exposed to the attack that compromised 40 million cardholders' credit and debit card numbers and 70 million customers' phone numbers and email addresses.†
Target was updating its payment terminals at the time of the warning, "a process that can open security risks because analysts would have had less time to find holes in the system," according to the Journal. The retailer was also preparing for the holiday rush season.
Target did not immediately respond to a request for comment or confirmation.
The hackers behind the data breach appear to have plotted the attack for months in advance, according to an article published this week by security expert Brian Krebs, who first broke the news of the Target data breach. The fraudsters used the password of a heating, ventilation and air conditioning vendor, Fazio Mechanical Services, to penetrate Target's network, according to Krebs.