NEW YORK – Target Corp. said in its annual report that a massive security breach had hurt its image and business, while spawning dozens of legal actions, and it noted it couldn’t estimate how big the financial tab will end up being.
The disclosure Friday with the Securities and Exchange Commission came as the nation’s second-largest discounter said separately that security software picked up on suspicious activity after a cyberattack was launched, but it decided not to take immediate action.
The acknowledgment comes after Bloomberg Newsweek reported Thursday that Target’s security team in Bangalore received security alerts Nov. 30 that indicated malicious software had appeared in its network. It then flagged the security team at its home office in Minneapolis.
Like any large company, each week at Target there are a vast number of technical events that take place and are logged, Target spokeswoman Molly Snyder said in a statement.
Through our investigation, we learned after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow-up.
She added, With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different.
Shares of Target closed down 37 cents at $59.36. Shares are down 6 percent since the breach was disclosed.