After so many years, and so many laws to regulate data security, why haven’t the stories changed?
Slate has relationships with various online retailers. If you buy something through our links, Slate may earn an affiliate commission. We update links when possible, but note that deals can expire and all prices are subject to change. All prices were up to date at the time of publication.by Daniel J. Solove and Woodrow Hartzog. Copyright © 2022 by Danial J. Solove and Woodrow Hartzog and published by Oxford University Press. All rights reserved.
Sometimes the thing we are looking for is right in front of us and yet we still don’t see it. A great novella by Gabriel García Márquez calledbegins with the vicious fatal stabbing of the main character. The rest of the story reveals that all the warning signs about the murder were in plain sight yet ignored by everyone. The murder was readily preventable—but, because of human nature, it was almost inevitable.The story of most data breaches follows the same pattern.
A common narrative told to the public is that this entire debacle could be traced to just one person who let the hackers slip in. In caper movies, the criminals often have an inside guy who leaves the doors open. But the person who let the hackers into Target wasn’t even a Target employee and wasn’t bent on mischief. The person worked for Fazio Mechanical, a Pennsylvania-based HVAC company, a third-party vendor hired by Target.
With access to Target, the hackers unleashed a different malware program, one they bought on the black market for just a few thousand dollars. Experts such as McAfee director Jim Walker characterized the malware as “absolutely unsophisticated and uninteresting.” At first, the malware went undetected, and it began compiling millions of records during peak business hours. This data was being readied to be transferred to the hackers’ location in Eastern Europe. But very soon, FireEye flagged the malware and issued an alert. Target’s security team in Bangalore noted the alert and notified the security center in Minneapolis. But the red light was ignored.FireEye flagged as many as five different versions of the malware.