By Dow Jones Business News,
January 21, 2014, 01:51:00 PM EDT
By Paul Ziobro
Target Corp. shut down remote access to two websites used by employees and suppliers in a move to tighten security
following a massive breach of customer data over the holidays.
One system is a human resources website for employees called eHR. The other is a database called Info Retriever
that suppliers use to access sales data for their products at Target. Info Retriever came back online for external users
last week, according to company emails sent to suppliers that were reviewed by The Wall Street Journal.
Target spokeswoman Molly Snyder said limiting access was part of the company's response to the data breach, in which
information from 40 million credit and debit cards and personal data of 70 million customers were stolen over more than
two weeks in late November and early December.
"We are taking extra precautions such as limiting or updating access to some of our platforms while the
investigation continues," Ms. Snyder said in an email.
Target has been investigating the breach after the retailer confirmed in mid-December that hackers uploaded
malicious software into its system to steal the information. A key question is how the malware entered the system.
Possible entry points include luring an unsuspecting employee into clicking on an infected link through a fake
email designed to look legitimate, according to several security experts. Another potential scenario, according to
experts, is for the attackers to find a vulnerability in one of Target's internal websites through which the hackers
could connect with the company's other networks.
Target didn't completely shut down the two systems. While the sites were blocked from outside computers, employees
could access eHR at in-store kiosks. It is unclear how many of Target's more than 350,000 employees have access to the
site, which is where employees can update their personal information, sign up for direct deposit and request time off.
The supplier database, meanwhile, went offline on Dec. 19, the day that Target publicly disclosed that it had been
subject to an attack. The outage was attributed to maintenance, according to an email reviewed by the Journal. Two
suppliers who received emails on the matter said there was never any indication that the outage was tied to the data
Suppliers use the Info Retriever website to determine the pace of sales and when they may need to restock. With the
website, suppliers can sift through data themselves to see how sales of their products are doing.
When the site went down, the retailer informed suppliers they could request sales data directly from Target,
according to an email Target sent to suppliers that was reviewed by the Journal.
The blocked access upset some suppliers, who had a harder time monitoring sales of their products during the peak
holiday time and as Target's sales were slumping, according to an executive at a supplier. Immediately after the breach,
customers started to spend less at Target. The company said that sales turned "meaningfully" weaker right away but
started to recover in early January.
There are other systems available for suppliers to track their sales, but Info Retriever was one that had
information coming directly from Target.
Write to Paul Ziobro at Paul.Ziobro@wsj.com
Copyright (c) 2014 Dow Jones & Company, Inc.