New York -- Target Corp. acknowledged its security software picked up on suspicious activity after a cyber attack was launched, but it decided not to take immediate action. The chain also advised that its security breach last year could be even more extensive than reported so far, Reuters reported.
"Our investigation of the matter is ongoing and it is possible that we will identify additional information that was accessed or stolen, which could materially worsen the losses and reputational damage we have experienced," the company said in its 10-K annual report filed with the Securities and Exchange Commission on Friday.
On Thursday, Bloomberg reported Target's security team in Bangalore, India, received security alerts on Nov. 30 that suggested malicious software had appeared in its network. It then flagged the security team at its home office in Minneapolis.
"Like any large company, each week at Target there are a vast number of technical events that take place and are logged," said Target spokeswoman Molly Snyder in a statement. "Through our investigation, we learned after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon. Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up. "
She added: "With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different."