Target could have stopped the breachIt turns out that Target could have stopped the breach that impacted 110 million of its customers if the security team acted on alerts they received from both the company’s security software and antivirus system, according to Businessweek.

Why were the alerts ignored?

It’s unclear why Target’s security team chose to not respond to the alerts, however it’s clear that the retail giant had the necessary security technology, including a security software and antivirus system, to detect the breach.

In May of last year, Target installed a malware-detection security software called FireEye, which is also used by the Pentagon and CIA, that allows the software to delete any malware once it’s immediately detected. Unfortunately, the company’s security team disabled this function, which is apparently a common practice among security teams, according to Businessweek.

Even without the auto-delete function, Target’s security team still received alerts of the malware from both FireEye and Symantec Endpoint Protection — the retail giant’s antivirus system — warning them of the malware that infected a specific server. The team was alerted once the hackers installed the first version of the malware, and received even more alerts when the hackers installed more malware to the system, however no action was taken on Target’s part.

Similar to the Neiman Marcus breach, the Target hackers gave the software a similar name to a software used by numerous companies to conserve customers’ payment information.

How did the hackers gain access to Target’s system?

In mid-February, KrebsOnSecurity announced that the hackers gained access to Target’s system through a malware-laced email opened by an employee of a Pennsylvania-based refrigeration, ventilation and air-conditioning company working with Target. Once hackers gained access to the system, they were able to steal the payment information of 40 million customers who shopped at one of the 1,797 U.S. stores infected with the malware and the addresses, phone numbers and email addresses of 70 million additional customers.

What should consumers learn from the Target breach?

Target’s negligence may have jeopardized the identity of 110 of its customers, however there are two major lessons that all of Target’s customers should learn from the breach.

1. Your information may not be as safe as you think: Often times we as consumers assume that our personal information is safe whenever we give it to a business, however the reality is that it’s not always as safe as we would hope, as proven by the Target, Neiman Marcus and other security breaches.

That’s why it’s essential for consumers to ask questions when a business is asking for their personal information. Find out how the information is stored, who has access to it and what happens to it if you cancel your membership or stop using the business’ services. If the business can’t provide you with a privacy policy or information about how your information will be stored, then you should consider not giving them any of your information because, at the end of the day, paying a little more money for groceries or not getting points for your purchase is better than having to possibly deal with identity theft in the future.

2. Pay attention to alerts from security software: Both Target and Neiman Marcus did not take the appropriate action when they received alerts from their security systems concerning the hack, and their lack of action resulted in the exposure of millions of people’s information.

Even though a breach or malware attack on a consumer does not impact the number of people that a company breach does, it’s still important for consumers to remember that they need to pay attention to any alerts they receive from their Internet security software because it could protect you and your computer from falling victim to a malware or phishing attack. Be sure to take immediate action in response to the alert and follow the steps detailed by the security software.

If you were affected by the Target breach, follow these steps to make sure your identity stays safe and visit the identity theft protection blog to learn more tips on how to protect your identity.