Target: The Largest Data Breach/Attack Essay

In December 2013, Target was the victim of a cyber-attack and data breach. Target is a widely known retailer, with millions of consumers flocking to its stores every day to partake in the store's wonders. The Target data breach is now known as the largest data breach/attack, surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach that struck Target was a strong, swift kick to the gut, not only for the retailer/corporation but also for employees and consumers. The December 2013 data breach exposed Target in a way that many…
According to Krebs (2014), “credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers. Investigators who examined the malware quickly noticed that it was designed to move data stolen from Target’s (then malware-infected) cash registers to a central collection point on Target’s network, a Windows domain called ‘\\TTCOPSCLI3ACS\’.”

Regulatory and Industry Standards

Target, as a whole, is a huge corporation/business. As a business, in order to stay open and run functionally, Target has to abide by regulatory and/or industry standards. The two regulatory and industry standards that are required for any financial institution, retailer, and/or business are the Payment Card Industry Data Security Standard (PCI DSS) and the Gramm-Leach-Bliley Act (GLBA). PCI DSS is a global industry standard, while GLBA is a government regulatory standard. Target has to abide by both PCI DSS and GLBA. According to Kim & Solomon (2014), PCI DSS affects any organization that processes or stores credit card information. The PCI DSS is a comprehensive security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. GLBA requires that financial institutions provide their clients a privacy notice that explains what information the company gathers about the client, where the information is