The Breach Of Target Security Breach Incident Response

Even though Target is ranked currently 36 in the fortune 500 companies and have over 1750 stores, they are still very susceptible to being a victim of a cyber attack. In 2013, Target fell victim to a security breach on their system. Roughly around Thanksgiving of 2013, someone had installed malware in Target’s security and payment system enabling the hackers to steal credit card and personal information. “Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye, whose customers also include the CIA and the Pentagon.” (BloombergBusiness) In place was a very effective security system. However, when the attacked happen on November 30, FireEye spotted the hackers and Bangalore (a third party cyber security company hired by Target) that alerted the IT team at corporate office in Minneapolis. There was no response from Target’s Corporate IT team and therefore led to 40 million credit card numbers and 70 million addresses, phone numbers and other personal

Even though Target is ranked currently 36 in the fortune 500 companies and have over 1750 stores, they are still very susceptible to being a victim of a cyber attack. In 2013 Target fell victim to a security breach on their system. Roughly around Thanksgiving of 2013 someone had installed malware in Target’s security and payment system enabling the hackers to steal credit card and personal information. “Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye, whose customers also include the CIA and the Pentagon.” (BloombergBusiness) In place was a very effective security system, but when the attacked happen on November 30, FireEye spotted the hackers and Bangalore, a third party cyber security company hired by Target alerted the IT team at corporate office in Minneapolis. There was no response from Target’s Corporate IT team and therefore led to the 40 million credit card numbers and 70 million addresses, phone numbers

During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.

The Target Corporation has undergone many changes due to the 2013 security breach where hackers stole personal information from credit and debit cards of at least 70 million customers. Target sales and reputation has dropped from this instance, thus eliciting changes in their security systems, changes in management, and a few policy changes in handling customer information. With the public eye on the corporation’s handling of the situation, Target has been communicating these changes through various means. The changes they needed to communicate were informing customers of the security breach, addressing the bad press coverage to shareholders, downsizing of employees, and

Target and its larger grocery-carrying incarnation, SuperTarget, have carved out a niche by offering more upscale, fashion-forward merchandise than rivals Wal-Mart and Kmart (Target, 2014). Target has had its share of problems in the past, one of the most infamous being the credit card breach in late 2013. Target informed the public that at least 40 million of its customer’s debit and credit card information had been hacked. In spite of the security breach Target is well known philanthropic actives.

“The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC (heating, ventilation and air conditioning) firm that did business with the nationwide retailer […].”

During the dates of November 27 through December 2013, the department store Target experienced a data breach in which approximately 40 million customers credit and debit cards were exposed. During this breach, customer’s personal information may have also been exposed for use of possible fraud. January

The Target Corporation was exploited in December 2013 and then again in 2015. These breaches included customer’s personal identifying information and retailer’s data. This credit card data breach is a prime example of weak security and infrastructure. This breach happened over the course of one of the United States’ major holiday seasons, Christmas. The security issue involved hackers accessing Target’s customer 's credit and debit cards by the machines that were being used to swipe the cards. These hackers accessed Target’s network with a stolen username and password from a company that was providing refrigeration and HVAC services. This company could access Target’s network `remotely to monitor energy consumption and temperatures. With that, the hackers uploaded malware software on the Target’s credit card machines. The customer data hack happened across the nation, and it was performed in stores and not an online breach of Target customer information.

The Home Depot and Target have been one of the many retail establishments cyber attack breaches that have being targeted by cyber attackers. The Home Depot was the target of a cyberattack payment card system breach where their credit card information was basically stolen on September of 2014. The attacked occurred by attackers gaining third party credentials in order to gain access to the system, after they gained access to the system they weakened the system gaining their own access privileges. After doing all the mentioned above, malware was installed quickly on Home Depot’s self-check-out system. All these steps where taking by the cyber attackers resulting in the loss of more than fifty million credit card accounts and email addresses.

This section primarily attempts to provide a better understanding as to how the 2013 data breach impacted Target’s finances. Because the breach occurred within Target’s fourth quarter 2013 period—between November 2, 2013, and February 1, 2014—financial analysis was gathered primarily from information provided in Target’s 2013 quarterly reports, 2012 and 2013 annual reports. This analysis will be divided into four parts. The first is an analysis of the company’s quarterly revenues and net earnings and how it measures year-over-year. The second assesses the company’s profitability through ratio analysis. The third segment gauges Target’s 2013 fiscal year performance with that of its biggest competitor, Walmart. The fourth and final segment looks at whether or not Target was able to regain its customers in the years that followed.

The following day they deployed their card stealing malware onto the POS systems. On December 11 the attackers are first discovered and on the 15th of December they were removed from the network. December 19th Target acknowledge the breach to the public and details started coming to light on the sophistication of the attack (Jarvis & Milletary, 2014).

Target has not disclosed much detail around the breach due to liability and legal issues but some information is available due to a leaked internal corporate report. The report included information by Verizon which was hired by Target to probe its networks for weaknesses days after the breach was

According to Krebs (2014), “credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers. Investigators who examined the malware quickly noticed that it was designed to move data stolen from Target’s (then malware-infected) cash registers to a central collection point on Target’s network, a Windows domain called ”\\TTCOPSCLI3ACS\”.

After reading the article about the Target data security breach and how Target handled the PR, I agree with the author’s stance on how bad Target handled the PR of the data security breach. Target didn’t tell anyone about the data security breach even though they knew, instead someone else broke the story. Target did the opposite of the five principles of crisis communication, Target knew about the issue but wasn’t prepared to go public with it or communicate the issue with the press and other constituencies, and be honest to the public about what is going on. Instead, somebody else had to break the news. Also, Target wasn’t clear what it was doing to remedy the issue and didn’t mean it instead Target states the typical speech every company makes “we are taking this issue seriously”.

Cyber security breaches have shown a spike in 2015, with large-scale compromises on companies like Target, Sony and Home Depot. There is a strong demand to deploy more robust cyber security tools to prevent future attacks. FireEye, a cyber-security firm, has started to fill the void and is reaping the rewards.