...Sampson Amoako Mensah Course: CSC-781 Instructor: Dr. Yen-Hung (Frank) Hu Topic: Target Security Breach Case Study Abstract This paper identifies the issues that cause the Target’s security breach, its also discusses the events that lead to the breach, identifies potential causes of this events, who was affected and how consumers reacted, the extent of the breach, and provide ways to address this events in addition to addressing risk management and data recovery for future occurrence. An Overview of the Breach In the days prior to Thanksgiving 2013, a malware was installed, on Target’s security and payment system, designed to steal credit cards that comes across the system. This malware targeted all the 1,797 stores own by target in the United States. The malware was coded, to pick up credit cards that were swiped at the register and stored on a server controlled by the hackers. Federal enforcement officials contacted Target on December 12, to alert them of the breach, target responded in three days to confirm the breach, Target reported about 40 million credit cards were stolen, about 70 million of personal records were also stolen. Events Leading to Breach Businessweek reports that hackers used the credentials of an HVAC vendor to get into Targets network, and spent several weeks installing the malware. hackers then sent the malware to the 1,797 stores owned by Target and got them installed on cashier stations, the malicious codes, will then send...
Words: 588 - Pages: 3
...information security breach at Target and how this adversely affected the organization. Be sure to include and indicate both tangible and intangible losses in preparing your response. Nature of Breach | Tangible Losses | Intangible Losses | Customer names | Consumer information | Consumer trust | Credit card numbers | Previously stored credit cards | Consumer trust | Credit card security numbers | Security numbers of credit cards | Consumer trust | Credit card expiry dates | Credit card info | Consumer trust | Customer addresses | Addresses | Consumer Trust | Sales data | Sales data | Sense of security | 2. What actions were taken by both Target and the “authorities” to address the crisis, and what is your assessment of each action taken? Actions Taken to Address the Crisis | Assessment of These Steps | Target ignores warnings | Not a great move | Department of Justice notifies stolen data existence | Good move, shouldn’t have gotten to this | Target removes malware from POS | Good move, should’ve done this sooner | | | add more rows as needed…. | | 3. What reactive steps by Target might have mitigated their losses subsequent to their discovery of the information security breach? Explain/justify your choices. Reactive Steps | Explanation | Respond to the warning signs exhibited by installed security software | Why would you invest in this security only to ignore it? | Follow procedures put in place to address a security breach...
Words: 373 - Pages: 2
...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Case Study: Critical Controls that Could Have Prevented Target Breach In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. AD Copyright SANS Institute Author Retains Full Rights Case Study: Critical Controls that Could Have Prevented Target Breach GIAC (GSEC) Gold Certification Author: Teri Radichel, teri@radicalsoftware.com Advisor: Stephen Northcutt Accepted: August 5th 2014 Abstract In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. From what is known about the Target breach, there were multiple factors that led to data loss: vendors were subject to phishing attacks, network segregation was lacking, point of sale systems were vulnerable to memory scraping malware and detection strategies employed by Target failed. A possible solution...
Words: 8983 - Pages: 36
...Website Security Website Security is important in helping to protect both consumers and corporations from security threats. As more and more companies make their products available online, and consumers continue to find online shopping more convenient, threats to website security continue to rise. These threats can come in the form of identity theft and lead to consumers’ finances being stolen and used by the offenders. This also creates a financial burden to companies, as they could be liable for the financial damages to consumers, along with losing some of the trust that their consumers may have for them. Implications of a Security Breach Security breaches can be very damaging to an organization. Financially, it can be a nightmare, but a breach also means that the company will have to overhaul its website security practices and policies. For example, in August 2007, Monster Worldwide Inc., a company that runs Internet job boards Monster.com and USAJobs.gov, fell victim to a security breach that was very costly.(Hobson, 2014). According to NBC News, approximately 1.3 million people’s information was stolen. Normally, resumes do not contain any data that could be immediately damaging, such as Social Security Numbers, credit card numbers, and bank account numbers, but contact information can be used in phishing scams to gain more sensitive information. This security breach cost Monster $80 million in upgrades to improve the security of its site.(Bergstein, 2014)...
Words: 817 - Pages: 4
...Cyber Security in Business Organizations 1 Cyber Security in Business Organizations David Hodges Strayer University Dr. Richard Brown May 14, 2015 Cyber Security in Business Organizations 2 Abstract This paper will assess the importance of information management in the insurance industry. How information management has help overall change the marketplace. The essential role of enterprise architecture in the industry will also be discussed and how it contributes to management decision making. Different data storage options for the industry will be discussed alone with the functions and which provides the best possible support for the industry overall. Cyber Security in Business Organizations 3 Due to the increased use of information and communication technologies in business organizations to today, the incidents of computer abuse has increase exponential. It has become increasingly difficult to protect customer information and company asset. Some of the challenges in security business organization have when it comes to breach includes the following: unauthorized users get access to computer systems and disclose confidential information, unauthorized users change the information...
Words: 1200 - Pages: 5
...Target Credit Card Breach It was the holiday season of 2013. It is the busiest time of the year for retail. Everybody is pretty much out and about doing their Christmas shopping for their families and friends. Lots of people especially women don’t carry a lot items on them when they go shopping. Bank debit cards have replaced the checkbook and cash because people don’t want to carry cash or a checkbook when they go out shopping. They only want to carry their driver’s license, a bank card, and a credit card or two. While carrying less can be more convenient for people, it’s not always a safe thing to do. People are not aware that making purchases with a credit card or a bank card can have some repercussions. Today’s technology for making purchases is great because it’s quicker and more convenient but at the same time it can be dangerous in the wrong hands. It happened with Target, which is the 2nd largest discount retailer in the country behind Walmart. In December of 2013, right in the middle of the holiday season, Target announced that there was a data breach involving millions of credit and debit card records. The breach may have taken place between November 27 and December 15. It is unknown which Target locations in particular were affected by the data breach. It was assumed that all Target locations were impacted and involves the theft of data stored on the magnetic stripe of cards used at the stores. Hackers stole personal information including names, phone...
Words: 657 - Pages: 3
...Giokaris HRM587 Week 6 Communicating the Change The Target Corporation has undergone many changes due to the 2013 security breach where hackers stole personal information from credit and debit cards of at least 70 million customers. Target sales and reputation has dropped from this instance, thus eliciting changes in their security systems, changes in management, and a few policy changes in handling customer information. With the public eye on the corporation’s handling of the situation, Target has been communicating these changes through various means. The changes they needed to communicate were informing customers of the security breach, addressing the bad press coverage to shareholders, downsizing of employees, and indicating policy changes to external vendors. Target Corporation issued a statement to customers informing them of the security breach. Then CEO Gregg Steinhafel sent a letter to customers apologizing for the inconvenience, assuring that changes in security measures are a top priority to the company. It also talked about the immediate investigation into the breach and recommendations for customers to take steps in protecting their own information (Chmura, 2013). Throughout the coming months, Target Corporation provided updates into the change processes by issuing statements to the public through media outlets. The company has since created a question and answer page on their website about the data breach for everyone to have access to, and provides answers to...
Words: 1329 - Pages: 6
...Research Paper Target Security Breach Abstract In late 2013 Target Corporation’s network encountered a security breach in which millions of credit cards and customer personal information was stolen by malware that was installed onto their network. This information was to be sold on the black market to others for their illegal use. Target Corporation was indeed made aware that there was some peculiar activity within the network before the information was stolen. Their million dollar malware software, monitored by FireEye, picked up on the attack several days before any information was removed from the Target Corporation servers. Target Corporation could have easily prevented the majority of the attack and reduced if not eliminated the amount of credit cards and personal information that was stolen. The fact that Target Corporation was warned of the initial breach, as well as an additional breach, and did not respond for two weeks is unfathomable and unethical. The Target Corporation has a duty to secure any and all credit card and personal information that they collect from their customers. I believe that in this case Target Corporation did not act accordingly and should be held liable. Target Corporations lack of response and inability to take action goes against all ethics and how the situation should have been handled. Target Security Breach In mid 2013 Target Corporation hired a security firm, FireEye, to install a malware...
Words: 2925 - Pages: 12
...Case Study 1: Cyber Security in Business Organizations Abstract This paper examines the importance of cyber security in business organizations and discovering better methods to combat cyber terrorism in the future. Data breaches in the work place have become an increased threat to personal privacy as well as to the economic livelihood of many organizations. In this paper we will further examine how a simple data breach almost brought the retail giant Target to the brink of destruction and provide detailed accounts of other recent data security breaches that have effected other business organizations and discuss what could be done to prevent them. Cyber Security in Business Organizations Modern global industries rely heavily on the data that they acquire to stay relevant in order to compete in a constantly moving world of technology. Protecting present and future data from potential cyber theft has become a vital need to the economic livelihood of today’s organizations. In today’s business world, organizations must prepare themselves for not only increased vulnerability attacks from exterior threats of cyber terrorist seeking to gain access to a company’s private data and resources but also have to take in account and be mindful of the interior threat of disgruntled employees whose mission is to expose or sale company sensitive or secret data for their own profitable gain. In today’s era of computing, cyber security can be described and defined in several ways...
Words: 1143 - Pages: 5
...Running Head: THE BREACHING OF TARGET 1 The Breaching of Target: What Happened and How It Could Have Been Prevented THE BREACHING OF TARGET 2 The Breaching of Target: What Happened and How It Could Have Been Prevented In December of 2014, hackers infiltrated Target’s credit card system. These hackers obtained over 40 million customer’s credit card information along with 70 million customer’s personal information. What should have been Target’s most profitable season, actually turned into its worst. They lost many loyal customers while obtaining numerous lawsuits. Before this catastrophe, Target was known for being an extremely technologically advanced and secure corporation. This is why many customers are left wondering what happened and how it could have been prevented. The hackers that breached Target’s system supposedly used a piece of software called BlackPOS (Monocello, 2014). This piece of malware obtained its information from the black magnetic stripe on the back of each credit card as it was swiped. Stores use a POS system to swipe credit cards. This is how they obtain required information. However, the information does not come encrypted, so it is easy information for an advanced hacker to receive. A simple way to encrypt this information is by using an EMV chip and EMV chip reader. According to Rash (2013), “The EMV chip that's embedded...
Words: 898 - Pages: 4
...February 26, 2015 IT Failure- Target Breach IT failures have become more and more prevalent these past few years, or at least now that they’re publicized more often since they are now associated with our personal information. Before we heard about breaches and hacking, we would think of IT failures in a different sense such as a stores system not working properly or even their website not responding. We are often reminded that we are lazy creatures and with that we tend to think about how to make are lives simpler not safer. When we stand in line at the store we never stop to think about how secure our purchases are while using our debit/credit cards. Well that’s not the case now, in late November of 2013 that all changed for us. Target experienced one of the largest retail breach back in 2013 when it was discovered that there was malware found in their systems from a third party affiliate (Riley, Elgin, Lawrence, and Matlack, 2014). The breach occurred between the days of November 27th and December 15th (“Data Breach FAQ,” 2015). Meaning this massive breach went on for a total of 19 days, which leads to the question: How could Target allow this to go on for over two weeks without noticing? This was a very well thought out attack because it was one of the busiest seasons of the year, catching Target off-guard. Despite the fact that, it was such a busy time, it does not excuse the fact that Target made a tremendous error. Prior to this nightmare, Target had invested $1.6 million...
Words: 827 - Pages: 4
...Cyber Attacks and Security: The Problem and The Solution Shamika A. Woumnm BIS/221 February 16, 2015 Gregorio Chavarria Cyber Attacks and Security: The Problem and The Solution In December of 2013, Target reported that up to 70 million customers worldwide were affected by a major security breach. It was reported that thieves stole massive amounts of credit and debit card information during the holiday season which also swept up names, addresses and phone numbers of their customers, information that could put victims at greater risk for identity theft. The Problem The Target breach is ranked as one of the worst ever. During the peak of the holiday season that year Target said that up to 40 million customers’ credit/debit card information had been stolen from people who shopped in their stores from November 27 to December 15. That following Friday that’s when another 70 million customers were affected, some of who, might have had their personal information compromised as well. Cyber criminals gained access to the computers entity and steered the information to a server in Eastern Europe to eventually sell on the black market card. According to the press, there when the two automatic intrutions alerts and installations of malware took place within the software and computer systems they were neither detected nor identified by the company. When there are security breach’s within a company it has a major effect on the company’s revenue...
Words: 558 - Pages: 3
...Case Study #1 Cyber Security in Business Organizations CIS 500: Information Systems for Decision-Making Cyber Security in Business Organizations On December 19, 2013, the Target Corporation in Minneapolis, MN, put out a press release on their website confirming there had been a security breach allowing unauthorized database access to their Point of Sale (POS) systems, between November 27 and December 15, 2013. Target reported approximately 40 million credit/debit card accounts could have been affected. In the release, Gregg Steinhafel, chairperson, president and chief executive officer, stated the following, “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.” (Target Press Release, 12/19/2013). Retailers are prime targets for hackers. Why? Simply stated, Risk versus Benefit. Retail stores compile a vast amount of financial data and banking information for millions of people across the country. It could be considered a new version of bank robbery. Rather than dealing with all the planning, resources needed and danger involved with robbing one actual bank, not to mention having to split the money with cohorts, hackers can skip the bank altogether. Obtaining consumers’ banking information provides all the benefits...
Words: 2080 - Pages: 9
...Verne, California Target Supply Chain Management Security A Paper Submitted in Partial Fulfillment Of the Requirements for BUS577: Supply Chain Security Team Member: Xiaomeng Xu Lusi Peng Xinyao Lu Jieyi Cai Hailin Yan College of Business and Public Management Department of Master of Business Administration 2016/5/20 Introduction Target Corporation is an upscale discount retailer that provides high-quality, on-trend merchandise at attractive prices in clean, spacious and guest-friendly stores. Target opened the first store in 1962 in the Minneapolis suburb of Roseville, Minnesota, and now is the second largest retailer in the United States right after Wal-Mart. In fiscal 2015, the company’s revenue grew by $1.3 billion, reflecting a 1.3% increase in comparable sales and the contribution from new stores. Today, Target remains committed to providing a one-stop shopping experience for customers by delivering differentiated merchandise and outstanding value with its Expect More, Pay Less brand promise. Target constantly fulfils the needs and fuels the potential of the customers by delivering outstanding value, continuous innovation and an exceptional guest experience. As of 2015, Target operates 1,793 locations and 38 distribution centers with 341,000 team members throughout the United States and worldwide. The retail format include the discount store Target, the hypermarket SuperTarget...
Words: 4286 - Pages: 18
...The article, Hackers Steal Card Data from Neiman Marcus, was written in an attempt to inform readers of the incident regarding a data breach attack that occurred at Neiman Marcus, the high end brick and mortar retail store, which was detected in mid-December. In response to inquiries about a data breach which involved consumer’s payment card information, Neiman Marcus acknowledged that it is working with the United States Secret Service to investigate a breach that has exposed an unidentified number of customers (Krebs, 2014). Krebs’ Sources from the financial industry reported that there have recently been a rising number of fraudulent payment card charges that were occurring at numerous stores; however the common point of purchase for the fraudulent activity was at Neiman Marcus. The author then proceeded to contact Neiman Marcus, seeking conformation of if there was a breach or not. Ginger Reeder, Spokesperson for Neiman Marcus, explained that a lot of the information on the breach is unknown, because the forensics team that was hired has not completed their investigation on the breach; however she mentioned that there is no evidence that online customers were also affected by the data breach. Eventually Neiman Marcus released a formal disclosure which notified clients that the company was contacted by its credit card processor to notify the, that there was a possibility of fraudulent payment card activity that occurred subsequent to client purchases at their stores. Neiman...
Words: 2330 - Pages: 10