Target Data Breach Essay

Target Data Breach
Charles Moore
American Military University

Target is a large retail corporation that operates over 1,700 stores across the United States. They also operate as an online retailer. In 2012 the retailer earned more than $73 billion in revenue and grew their sales by 5.1% from the previous year. Looking at the revenue and sales growth rate, it is hard to fathom that more money could not be spent to ensure that consumer data is protected as much as possible. As information security specialists, one of the worst things that can happen to us is that our network gets infiltrated and customer information is stolen. On December 19, 2013 Target released a statement stating that they have had an information
The following day they deployed their card-stealing malware onto the POS systems. On December 11 the attackers were first discovered, and on the 15th of December they were removed from the network. On December 19th Target acknowledged the breach to the public, and details started coming to light on the sophistication of the attack (Jarvis & Milletary, 2014).
After two months of investigating it was determined that Target had allowed their HVAC vendor access to their networks. The HVAC account that had been created was compromised and allowed hackers onto Target’s network (Mlot, 2014). Once on the network, the attackers changed user accounts that were already on the system and gave them elevated privileges. Target utilizes BMC management software that creates and utilizes a Best1_user account to authenticate the management software to the network. When installed onto the system, this account is not added to any groups and is locked down to authenticate only the necessary BMC services (“29 new clues,” 2014).
Once on Target’s network with elevated privileges, the attackers were able to launch malware to the POS systems that would capture the credit card information of consumers as they swiped their cards to pay for their items. They launched a second piece of malware that would take the captured information and move it to a dump server on the internal network. Once the information was on the dump server it them