The Importance Of Infrastructure Security By Analyzing One Of The Largest It Breaches

Even though Target is ranked currently 36 in the fortune 500 companies and have over 1750 stores, they are still very susceptible to being a victim of a cyber attack. In 2013 Target fell victim to a security breach on their system. Roughly around Thanksgiving of 2013 someone had installed malware in Target’s security and payment system enabling the hackers to steal credit card and personal information. “Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye, whose customers also include the CIA and the Pentagon.” (BloombergBusiness) In place was a very effective security system, but when the attacked happen on November 30, FireEye spotted the hackers and Bangalore, a third party cyber security company hired by Target alerted the IT team at corporate office in Minneapolis. There was no response from Target’s Corporate IT team and therefore led to the 40 million credit card numbers and 70 million addresses, phone numbers

During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.

Target Corporation is a retail chain specializing in household goods, clothing, food, and accessories at discounted prices. The retail chain’s history started back in 1902 as Goodfellows and in 1910 as The Dayton Company. Initially, the chain specialized in “furnishings, fabrics and decorations for business and other public institutions” (“Target Corporation,” 2016, p. 5). Eventually, Target went public in 1967 and on to acquire Mervyn’s in the 1970s where they became the seventh largest retailer in the United States. Target operates in the United States, where it is headquartered in Minneapolis, Minnesota and as of January 31, 2015 Target employs over 300,000 people. “The company recorded revenues of $72,618 million in the financial year ended January 2015, the operating profit of the company was $4,535 million, [and] the net profit was $2,449 million” (“Target

During the dates of November 27 through December 2013, the department store Target experienced a data breach in which approximately 40 million customers credit and debit cards were exposed. During this breach, customer’s personal information may have also been exposed for use of possible fraud. January 2014, Target

During the dates of November 27 through December 2013, the department store Target experienced a data breach in which approximately 40 million customers credit and debit cards were exposed. During this breach, customer’s personal information may have also been exposed for use of possible fraud. January

One of the largest issues with this data breach is, just six months prior, Target had installed “a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon” (Riley, Elgin, Lawrence, & Matlack, 2014). The problem was not the software, it was a lack of reaction by Target’s security team located in Minneapolis. Once the credit card and personal information was stored, the hackers moved the information to various locations throughout the U.S. before sending the data to their computers in Russia. On December 12, 2013, Federal investigators notified Target of a massive data breach; and on December 15, 2013, Target confirmed and eradicated the malware, after all of the credit card and personal information had been stolen.

This section primarily attempts to provide a better understanding as to how the 2013 data breach impacted Target’s finances. Because the breach occurred within Target’s fourth quarter 2013 period—between November 2, 2013, and February 1, 2014—financial analysis was gathered primarily from information provided in Target’s 2013 quarterly reports, 2012 and 2013 annual reports. This analysis will be divided into four parts. The first is an analysis of the company’s quarterly revenues and net earnings and how it measures year-over-year. The second assesses the company’s profitability through ratio analysis. The third segment gauges Target’s 2013 fiscal year performance with that of its biggest competitor, Walmart. The fourth and final segment looks at whether or not Target was able to regain its customers in the years that followed.

On Dec 19, 2013 Target Corporation announced to the world that they had suffered a major data security breach. Due to Target Corporations poor stance on network security, hackers were able to steal over 40 million payment card records, encrypted PINs and 70 million customer records during the Black Friday sales week. Initial reports indicated that it was malware placed on their Point of Sales (POS) system, but that was just the tip of the iceberg of the breach. If there had been better security from the start this breach could have been avoided or greatly reduced.

In 2013, Target Corp., the company that prides itself on offering quality, upscale, and trendy merchandise at lower costs, had anticipated a historic year. However, after purchasing Canadian retailer Zellers’ 273 locations and finally executing plans to expand outside the United States, both company and stockholder optimism vanished. In late 2013, news of a massive data breach affecting nearly 110 million consumers turned out devastatingly bad numbers in the fourth quarter—some experts even calling it the second largest retail cyber-attack in history.

The cause of this data leak was a well-executed plan of attack by using and exfiltration malware program that moved customer’s stolen credit card numbers and details into drop locations and then the hackers retrieved the data from these locations spread all over the US. However despite FireEye (Targets $1.6 million malware detection tool) spotting this malware and notified the security team as says *** “Nothing happened”. This non-responsive action to the 11GB worth of data being leaked from their mainframes. As a result of this Target experienced more than 140 lawsuits filed towards them by customers and banks due this negligence and compensatory damages. The total costs exceeding $61 million responding to the breach and Targets profit during the Christmas period had fell 46%. Target was not the only victim to this data breach it caused banks to refund customers more than $200 million due to their stolen money by these hackers. Furthermore many customers were experiencing identity theft, this being a major implication for all individuals affected this data breach as now many customers will need new credit card details and identity to be fixed by this data

Target has been around for quite some time and has definitely made some mistakes in the past. Unlike some businesses who consistantly make the same mistakes over and over, Target has moved past these mistakes and learned from them. The company attempted international expanision to Canada in 2011 and with poor planning the expanision failed. Over 124 stores opened within a 2 year period and experienced they experienced several problems with how quickly the transition happened. The locations that they picked were not buildings that supported Target’s merchandising, and the move into Canada happened so quickly that the shelves were not appropriately stocked. The compnay also did not do anything to compensate for the competition that Wal-Mart supplied them with in the Canadian market. With all that being said, Target closed it’s doors in Canada and kept all its retail stores in the United States. Even

Once Target released the breach to the public, sales dropped. The company attempted to attract skeptical customers to shop by offering a 10 percent discount on purchases in its stores the weekend before Christmas, but the damage to customer loyalty appeared in the latest sales figures. Target reportedly spent a significant amount of money on security technology (Capacio, 2014). Although systems used encryption, the encryption was presented ineffective because the data was entered in memory where it was unencrypted. For encryption to be effective, the company must hire a defense in depth strategy in which they can also defend the key and protect access to systems where the data needs to be unencrypted in order to be processed (Ferguson, Schneieir,

Target a large retail corporation that operates over 1,700 stores across the United States. They also operate as an online retailer at target.com. In 2012 the retailer earned more than $73 billion dollars in revenue and grew their sales by 5.1% from the previous year. Looking at the revenue and sales growth rate it is hard to fathom that more money could not be spent to ensure that consumer data is protected as much as possible. As information security specialists one of the worst things that can happen is our network gets infiltrated and customer information is stolen. On December 19, 2013 Target released a statement stating that they have had an information

Target has not disclosed much detail around the breach due to liability and legal issues but some information is available due to a leaked internal corporate report. The report included information by Verizon which was hired by Target to probe its networks for weaknesses days after the breach was

In December 2013, Target was attacked by a cyber-attack due to a data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the stores wonders. The Target Data Breach is now known as the largest data breach/attack surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach occurred to Target was a strong swift kick to the guts to not only the retailer/corporation, but to employees and consumers. The December 2013 data breach, exposed Target in a way that many