Target Hack

Jarvis, K., & Milletary, J. (2014, January 24). Inside a targeted point-of-sale data breach. Retrieved from http://krebsonsecurity.com/wp-content/uploads/2014/01/Inside-a-Targeted-Point-of-Sale-Data-Breach.pdf

The Home Depot and Target have been one of the many retail establishments cyber attack breaches that have being targeted by cyber attackers. The Home Depot was the target of a cyberattack payment card system breach where their credit card information was basically stolen on September of 2014. The attacked occurred by attackers gaining third party credentials in order to gain access to the system, after they gained access to the system they weakened the system gaining their own access privileges. After doing all the mentioned above, malware was installed quickly on Home Depot’s self-check-out system. All these steps where taking by the cyber attackers resulting in the loss of more than fifty million credit card accounts and email addresses.

On Dec 19, 2013 Target Corporation announced to the world that they had suffered a major data security breach. Due to Target Corporations poor stance on network security, hackers were able to steal over 40 million payment card records, encrypted PINs and 70 million customer records during the Black Friday sales week. Initial reports indicated that it was malware placed on their Point of Sales (POS) system, but that was just the tip of the iceberg of the breach. If there had been better security from the start this breach could have been avoided or greatly reduced.

This paper will present a report that will assist with determining the controls required to implement to ensure that data are secure for the Northcentral University. This paper will summarize the security breaches of the Target Store Corporation over the previous year and make recommendations in the form of information technology security best practices to strengthen the University’s infrastructure.

In December 2013, Target was attacked by a cyber-attack due to a data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the stores wonders. The Target Data Breach is now known as the largest data breach/attack surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach occurred to Target was a strong swift kick to the guts to not only the retailer/corporation, but to employees and consumers. The December 2013 data breach, exposed Target in a way that many

My bank reported both my husband and my bank-issued debit cards identified as compromised by the Target data breach. No dates or amounts given. We had to search our bank transactions over the holiday season to see how much was taken from us. Being a victim of card fraud is such a stressful thing to go through, I have had it happen to me 4 different times with 3 different banks. Being an employee at Target, they do not have a front-line policy and procedure for employees to follow to help prevent consumer card fraud. It is against Target’s policy to ask for identification, but if they were to ask for ID, the fraud could have easily been prevented. We had 2 transactions for over $1,000 purchases of gift and pre-paid cards

During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.

The Target Corporation has undergone many changes due to the 2013 security breach where hackers stole personal information from credit and debit cards of at least 70 million customers. Target sales and reputation has dropped from this instance, thus eliciting changes in their security systems, changes in management, and a few policy changes in handling customer information. With the public eye on the corporation’s handling of the situation, Target has been communicating these changes through various means. The changes they needed to communicate were informing customers of the security breach, addressing the bad press coverage to shareholders, downsizing of employees, and

The Security breach that hit Target in 2014 was one of the worst ever. It exposed names, addresses, phone numbers, credit and debit cards information’s of 70 million customers. Target informed that all transactions and customers’ information between Nov.27 to Dec. 15 2014 were stolen on the attack by hackers. This attack affect millions and the giant store as well losing money when their sales declined to 2.5 percent. Target had to email all affected customers and help all of them with their own credit monitoring by offering free credit monitoring and identity theft protection and also make them no liable to any fraudulent purchase after the breach. It was a big deal and it was all over the news. Two suggestions I would give is one, add a protocol

In December 2013, the CEO, Gregg Steinhafle, of Target announced that their company was affected by a data breach that occurred between November 27 and December 15, 2013. “Target disclosed that online thieves hacked into its computer system, stealing credit card or personal information from more than 100 million customers. Both personal data and credit card information may have been stolen from about 12 million people” (Abrams, 2014). The outcome of this breach has cost Gregg Steinhafle his job, as well as the trust of Target’s consumers, investors, and close to $150 million in breach-related costs. This breach is considered one of the largest retail data breaches in U.S. history due to the amount of personal data and credit card

The cause of this data leak was a well-executed plan of attack by using and exfiltration malware program that moved customer’s stolen credit card numbers and details into drop locations and then the hackers retrieved the data from these locations spread all over the US. However despite FireEye (Targets $1.6 million malware detection tool) spotting this malware and notified the security team as says *** “Nothing happened”. This non-responsive action to the 11GB worth of data being leaked from their mainframes. As a result of this Target experienced more than 140 lawsuits filed towards them by customers and banks due this negligence and compensatory damages. The total costs exceeding $61 million responding to the breach and Targets profit during the Christmas period had fell 46%. Target was not the only victim to this data breach it caused banks to refund customers more than $200 million due to their stolen money by these hackers. Furthermore many customers were experiencing identity theft, this being a major implication for all individuals affected this data breach as now many customers will need new credit card details and identity to be fixed by this data

The PC screening qualities of the project incorporates working impalpably and subtle at each desktop without influencing the focal arrangement of the machine source, follows all customer correspondences, screens and check all keystroke activities despite of the projects used, outlines all data into intelligible reports, and gives complete data connected to specific specialist exercises with customized providing details regarding a laborer's PC. The use of system approved by Interguard and Webwatchers stores, screens and, deals with the target Pcs web destinations went to, email, and web mail, immediate messages, talks, keystrokes entered, program utilization, GPS locales, web surfing, programming use, development of private data deleted, and recouped critical information.

The Target data breach remains one of the most notable breaches in history, it was the first time a CEO of a major corporation was fired due to a security event. The breach received an enormous amount of attention, it caused corporations and individuals to change the way they think about information security and data protection. Between Thanksgiving and Christmas 2013 hackers gained access to 40 million customer credit cards and personal data of 70 million Target customers. The intruders slipped in by using stolen credentials and from there gained access to vulnerable servers on Targets network to launch their attack and steal sensitive customer data from the POS cash registers. All this occurred without a response from Targets security operations center, even though security systems notified them of suspicious activity. The data was then sold on the black market for an estimated $53 million dollars. However, the cost to Target, creditors, and banks exceeded half of a billion dollars. This report will review how the infiltration occurred, what allowed the breach to occur including Targets response, and finally who was impacted by the security event.

Once Target released the breach to the public, sales dropped. The company attempted to attract skeptical customers to shop by offering a 10 percent discount on purchases in its stores the weekend before Christmas, but the damage to customer loyalty appeared in the latest sales figures. Target reportedly spent a significant amount of money on security technology (Capacio, 2014). Although systems used encryption, the encryption was presented ineffective because the data was entered in memory where it was unencrypted. For encryption to be effective, the company must hire a defense in depth strategy in which they can also defend the key and protect access to systems where the data needs to be unencrypted in order to be processed (Ferguson, Schneieir,