Cyber Security : Target Corporation

Decent Essays
On Dec 19, 2013 Target Corporation announced to the world that they had suffered a major data security breach. Due to Target Corporations poor stance on network security, hackers were able to steal over 40 million payment card records, encrypted PINs and 70 million customer records during the Black Friday sales week. Initial reports indicated that it was malware placed on their Point of Sales (POS) system, but that was just the tip of the iceberg of the breach. If there had been better security from the start this breach could have been avoided or greatly reduced.
Target Corporation was notified by the Secret Service that they had been the victim of a cybercrime about two weeks before Christmas of 2014. During the investigation, it was discovered that on November 12, 2013 hackers were able to breach their networks through a third party remote access system. Because there was no network segmentation of the Target network, the doors were left open for third party access to the rest of its internal networks. This was in violation of the Payment Card Industry 's Data Security Standard (PCI-DSS) policy stating the isolation of cardholder data from the rest of the companies network (Lemos, 2014).
The first system to be breached was the system used for electronic billing, contract submission and project management. This system had only one user who had remote access to it, and the company was Fazio Mechanical, a subcontractor with Target. Fazio Mechanical is a
Get Access