The Breach Of Target Security Breach Incident Response

1447 Words6 Pages
In December 2013, the CEO, Gregg Steinhafle, of Target announced that their company was affected by a data breach that occurred between November 27 and December 15, 2013. “Target disclosed that online thieves hacked into its computer system, stealing credit card or personal information from more than 100 million customers. Both personal data and credit card information may have been stolen from about 12 million people” (Abrams, 2014). The outcome of this breach has cost Gregg Steinhafle his job, as well as the trust of Target’s consumers, investors, and close to $150 million in breach-related costs. This breach is considered one of the largest retail data breaches in U.S. history due to the amount of personal data and credit card…show more content…
By hiding the malware, the security team at Target would not easily pick up the breach on the server. One of the largest issues with this data breach is, just six months prior, Target had installed “a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon” (Riley, Elgin, Lawrence, & Matlack, 2014). The problem was not the software, it was a lack of reaction by Target’s security team located in Minneapolis. Once the credit card and personal information was stored, the hackers moved the information to various locations throughout the U.S. before sending the data to their computers in Russia. On December 12, 2013, Federal investigators notified Target of a massive data breach; and on December 15, 2013, Target confirmed and eradicated the malware, after all of the credit card and personal information had been stolen. Security Flaws The biggest security flaw of this breach was the lack of concern by the security team regarding the vulnerability that was detected by the malware detection software. The company, FireEye, had installed the $1.6 million malware detection tool, notified the Target security team of a possible breach of data on November 30, 2013, only three days after the malware software had begun to collect customer data. This had allowed the Target security team enough time to begin to research
Open Document