Provo played a role in Target data hack, Bloomberg article shows



PROVO — An investigative report from Bloomberg Businessweek has uncovered surprising facts about the “biggest retail hack in U.S. history.”

For starters, Target received alerts that the crime was taking place, yet it did nothing about it. And in a bizarre local twist, one of three servers used to store the stolen data was located in Provo, the article said.

According to Bloomberg, the malware that enabled the crime was installed last year just before Thanksgiving. Though experts say the malware lacked sophistication, it was designed efficiently enough to steal card information from all of Target’s 1,797 stores.

In the wake of the data breach, many shoppers assumed Target had been lax in its security. A common theory was the store had been relying on an antiquated system.

As reported by Bloomberg, however, the fatal flaw in Target’s security wasn’t in its technological preparation. In fact, six months prior to the hack, Target began installing a state-of-the-art malware detection system designed by a security firm called FireEye. Other FireEye customers include the Pentagon and the CIA.

A team of specialists was assigned to monitor Target’s computers; if anything suspicious occurred, they would immediately alert Target’s main operations center in Minneapolis.


Target’s $1.6 million investment in FireEye initially paid off, when the security tool spotted hacker activity on Nov. 30 and a warning was sent to Minneapolis. Unfortunately, the security team in Minneapolis did nothing about it. Additional alerts were sent on Dec. 2 and were also met with inaction from Target’s team. As described in the scathing Bloomberg report: “Target stood by as 40 million credit card numbers — and 70 million addresses, phone numbers, and other pieces of personal information — gushed out of its mainframes.”

This is why the story of Target’s breach is downright odd, the article points out. The company was actually leading the charge for system security and was one of the best-equipped retailers in the country.

Yet, human error trumps even the best technological preparation. Insiders speculate that the newness of the FireEye system may have led employees in Target’s operations center to doubt the accuracy of the alerts sent during the breach. They may have ignored as many as five system alerts from FireEye. Even when their less advanced Symantec antivirus system flagged the malware around Thanksgiving, they did nothing.

Target’s chief information officer, Beth Jacob, resigned in the wake of the breach. But it appears the blame can easily be shared by hundreds of individuals on the store’s security team.

The stolen data began moving out of Target’s network on Dec. 2. The malware only sent data between 10 a.m. and 6 p.m. Central Standard Time. Bloomberg reports this was probably done “to make sure the outbound data would be submerged in regular working-hours traffic.”

Rather than send it straight to their home base in Russia, the hackers initially routed it to three servers located in the United States. Staging points like these are a common way for hackers to cover their tracks. One of the servers was located in Provo. The other two were located in Ashburn, Va., and Los Angeles.

The hackers made daily pickups from the servers and by the time Target realized what was happening, it was too late.

Target is still reeling from the security breach. Consumer trust has plummeted and the store has been forced to spend $61 million trying to undo the damage. As for FireEye, the maker of the security system that actually worked, its stock value has doubled.


Grant Olsen joined the KSL.com team as a contributor in 2012. He covers outdoor adventures, travel, product reviews and other interesting things. You can contact him at grantorrin@gmail.com.
