Home Depot Data Breach
Background on the 2014 Home Depot Data Breach
Home depot was the target of a cyberattack on their information system infrastructure that lasted from April of 2014 to September of 2014. As a result of the attack and following data breach, 56 million credit-card accounts and 53 million email addresses were stolen. (“Home Depot Hackers Exposed 53 Million Email Addresses”) The cyberattack involved several steps. First, the attackers gained third party credentials allowing them into the system. Next they exploited an unknown weakness in the system that allowed for the attackers to elevate their own access privileges. Finally, they installed malware on Home Depot’s self-checkout systems in the U.S. and Canada, allowing
…show more content…
The costs that the company will incur can be broken down into six different categories: investigation and remediation, notification, identify theft and credit monitoring, disruptions in normal business operations, and lost business. Investigation costs involve those related to examining how and why the data was compromised, and remediation costs relate to the costs incurred to set up safeguards. Home Depot’s pre-tax expense relating to investigation and remediation was $43 million in the third quarter of 2014 alone. Notification costs relate to notifying the relevant individuals, regulators, and media personnel. Simply mailing notification letters, at 49 cents per stamp, equates to a $27.44 million expense. Costs relating to identify theft and credit monitoring include the cost of identity theft protection for each of the victims. Assuming $10 per victim, this results in a $560 million cost for Home Depot. Disruptions to Home Depot’s normal business operations include the opportunity cost of the reduced investments in the company’s operations, as well as reduced time on standard business activities. This cost is estimated to be $20 per victim. Home Depot will likely lose business due to customers being scared away, and the related cost is approximately $30 per victim. Finally, lawsuits relating to the data breach are expected to incur $3 billion in expenses for Home Depot. 44 suits have already surfaced since the cyberattack. (“Home Depot: Will
A direct cyberattack in 2014 to JPMorgan Chase caused a compromised of accounts effecting a total of 76 million households and seven million small businesses. We are clearly, in times when consumer confidence in the digital operations of corporate America is on shaky ground. In directly, banking is taking the brunt of the fallout but major stores also have breaches which of course are directly related to their financial data. Store like, Target, Home Depot and a number of other retailers have experienced major data breaches. 40 million cardholders and 70 million others were compromised at Target alone in 2013 and an attack at Home Depot in September, 2013 affected 56 million cardholders.
During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.
The Target Corporation has undergone many changes due to the 2013 security breach where hackers stole personal information from credit and debit cards of at least 70 million customers. Target sales and reputation has dropped from this instance, thus eliciting changes in their security systems, changes in management, and a few policy changes in handling customer information. With the public eye on the corporation’s handling of the situation, Target has been communicating these changes through various means. The changes they needed to communicate were informing customers of the security breach, addressing the bad press coverage to shareholders, downsizing of employees, and
Home Depot may be the first stop for home change needs. Be that as it may, prior in 2014, it succumbed to digital thieves who stole up to 60 million card details. The assaults continued for five months prior to they were found. In September 2014, the organization said that any individual who utilized a Visa to shop in the U.S. on the other hand Canada over a six month period could have been a casualty. At the time, Home Depot CEO Frank Blake called security a "noteworthy issue" and attempted to console clients by saying the retailer had reinforced its lines of barrier.
In 2013, target corporation experienced a serious data breach where its security, as well as the payment system,was breached. The security breach was so intense in which case; it compromised over 40 million credit as well as debit card numbers. Furthermore, 70 million phone numbers, addresses, and other personal information was affected(Krebs, 2014).The attack was made without the knowledge of Target Corp. until mid-December when the department of defense notified the company that its system was being attacked. One problem that came out clear, in this case, was the fact that Target Corp. had been notified of the attack
What do Premara Blue Cross, Anthem, Chick-fil-A, Sony, USPS, MCX, Staples, Kmart, Dairy Queen, SuperValue, Jimmie John's, Viator, Home Depot, PF Chang's, Community Health Systems, and JP Morgan all have in common? Each of these companies were hacked during 2014-2015. Sadly, this is just a short list showing the breadth of industries and size of operations that are vulnerable. According to Time Magazine in March, 2015, "You're not just imagining it: Lately, a new data breach has been reported almost every week."
This paper explores seven references that report the results from research conducted on-line regarding the 2013 Target breach. According to the website “Timeline of Target 's Data Breach And Aftermath: How Cybertheft Snowballed For The Giant Retailer” (2015), the breach occurred November and December 2013 in which customers who shopped at Target locations credit and debit cards were breached and their personal information was exposed. Upon their investigation, it was determined their point of sale system was hacked. “Wikipedia” states point of sale system which is used by third party vendors has cash registers as well as barcodes which stores customer’s information. The website “What is Packet Sniffer” (2016), Packet Sniffing may have been a way the attacked happened. “RAM Scraping Attack” website indicates what RAM means and how this type of attack happens. “What is a Firewall in Networking and How They Protect Your Computers” (2014), “What is Endpoint Security? Data Protection 101” and “Why SSL? The Purpose of using SSL Certificates” websites each provide ways to reduce and/or prevent future attacks.
This paper explores seven references that report the results from research conducted on-line regarding the 2013 Target breach. According to the website “Timeline of Target 's Data Breach And Aftermath: How Cybertheft Snowballed For The Giant Retailer” (2015), the breach occurred November and December 2013 in which customers who shopped at Target locations credit and debit cards were breached and their personal information was exposed. Upon their investigation, it was determined their point of sale system was hacked. “Wikipedia” states point of sale system which is used by third party vendors has cash registers as well as barcodes which stores customer’s information. The website “What is Packet Sniffer” (2016), Packet Sniffing may have been a way the attacked happened. “RAM Scraping Attack” website indicates what RAM means and how this type of attack happens. “What is a Firewall in Networking and How They Protect Your Computers” (2014), “What is Endpoint Security? Data Protection 101” and “Why SSL? The Purpose of using SSL Certificates” websites each provide ways to reduce and/or prevent future attacks.
The Target Corporation was exploited in December 2013 and then again in 2015. These breaches included customer’s personal identifying information and retailer’s data. This credit card data breach is a prime example of weak security and infrastructure. This breach happened over the course of one of the United States’ major holiday seasons, Christmas. The security issue involved hackers accessing Target’s customer 's credit and debit cards by the machines that were being used to swipe the cards. These hackers accessed Target’s network with a stolen username and password from a company that was providing refrigeration and HVAC services. This company could access Target’s network `remotely to monitor energy consumption and temperatures. With that, the hackers uploaded malware software on the Target’s credit card machines. The customer data hack happened across the nation, and it was performed in stores and not an online breach of Target customer information.
One of the largest issues with this data breach is, just six months prior, Target had installed “a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon” (Riley, Elgin, Lawrence, & Matlack, 2014). The problem was not the software, it was a lack of reaction by Target’s security team located in Minneapolis. Once the credit card and personal information was stored, the hackers moved the information to various locations throughout the U.S. before sending the data to their computers in Russia. On December 12, 2013, Federal investigators notified Target of a massive data breach; and on December 15, 2013, Target confirmed and eradicated the malware, after all of the credit card and personal information had been stolen.
On Dec 19, 2013 Target Corporation announced to the world that they had suffered a major data security breach. Due to Target Corporations poor stance on network security, hackers were able to steal over 40 million payment card records, encrypted PINs and 70 million customer records during the Black Friday sales week. Initial reports indicated that it was malware placed on their Point of Sales (POS) system, but that was just the tip of the iceberg of the breach. If there had been better security from the start this breach could have been avoided or greatly reduced.
From November 27 to December 15, 2013 Target Corporation released 70 million customers’ personal information. On average, it takes companies 200 days to uncover they are being hacked (Lunden, 2015). It only took Target 12 days to figure out the crisis that began happening. On December 19, Target originally said only 40 million credit and debit card accounts may have been compromised during Black Friday weekend to December 15. “The information stolen included customer names, credit or debit card number, and the card’s expiration date and CVV” (McGrath, 2014). Although Target never clarified how they were hacked, security experts say that hackers targeted their POS system. “Target spent $61 million through Feb. 1 responding to the breach, according
Jarvis, K., & Milletary, J. (2014, January 24). Inside a targeted point-of-sale data breach. Retrieved from http://krebsonsecurity.com/wp-content/uploads/2014/01/Inside-a-Targeted-Point-of-Sale-Data-Breach.pdf
The Target data breach remains one of the most notable breaches in history, it was the first time a CEO of a major corporation was fired due to a security event. The breach received an enormous amount of attention, it caused corporations and individuals to change the way they think about information security and data protection. Between Thanksgiving and Christmas 2013 hackers gained access to 40 million customer credit cards and personal data of 70 million Target customers. The intruders slipped in by using stolen credentials and from there gained access to vulnerable servers on Targets network to launch their attack and steal sensitive customer data from the POS cash registers. All this occurred without a response from Targets security operations center, even though security systems notified them of suspicious activity. The data was then sold on the black market for an estimated $53 million dollars. However, the cost to Target, creditors, and banks exceeded half of a billion dollars. This report will review how the infiltration occurred, what allowed the breach to occur including Targets response, and finally who was impacted by the security event.
In December 2013, Target was attacked by a cyber-attack due to a data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the stores wonders. The Target Data Breach is now known as the largest data breach/attack surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach occurred to Target was a strong swift kick to the guts to not only the retailer/corporation, but to employees and consumers. The December 2013 data breach, exposed Target in a way that many