Table of Contents
Introduction
Target Corporation is listed as the second- largest discount store retailer in the United States. Its market penetration is only behind Walmart in the U S. In December 2013, it was reported that 40 million Target credit cards had been stolen. However, later in 2014, the company revised the number to 70 million affected credit cards. The breach is thought to have taken place between November 27 and December 15th, 2013. According to the United States Department of Justice, which was the whistle-blower; over 11GB of data is thought to have been stolen (Radichel, 2014). The cost of the breach was far reaching to the company, its employees and customers.
Issues that led to the Incident
There are various issues that led to the attack on Target’s Corporation systems. First, the attackers gained access to the system by targeting their Point of Sale (POS) systems. The POS is a software that the firm uses to carry out transactions at the cash register. The second issue was an email sent to an affiliate party to Target. It was discovered that an email containing a malware was sent to a vendor, Fazio Mechanical (Radichel, 2014). A malware called Citadel was later installed on the vending machine to help infiltrate Target’s systems. The last issue was target’s mismanagement. Target missed internal alerts that warned the company of irregular activities in the system.
We can do it today.
Recommendations
To ensure that such a case doesn’t occur again I would first recommend to the company to appoint a chief information security officer; who can keep a written security program. The security program will document potential risks in the system and design metrics to continuously measure the security of the system randomly. Furthermore, I would also recommend to the company to offer security training to relevant workers; to educate them on the importance of safeguarding personal information. Thirdly, I would consider a comprehensive approach to security in the system. Systems such as POS need to undergo a thorough system check that would identify threats and vulnerabilities in specific areas of the system. Security staff also need to be more vigilant to identify potential risks. Finally, an organization such as Target needs to have a Defence in Depth strategy to prevent threats from infiltrating the system. Defence in Depth provides multiple levels of protection and control in a system that prevents breaches such as Target’s case (Radichel, 2014).
Results
The breach meant that 70 million credit cards were stolen from the company. The stolen cards could be used for money laundering and a variety of online crimes. Furthermore, 61 million personal data was also stolen as a result of the breach. The information included names, email address, mailing address and phone numbers of the company’s customers. Target had to pay $10 million as settlement fee to settle the lawsuits it faced (Luckerson, 2013). The breach also resulted in High ranking employees and members of Target’s board losing their jobs. Banks also had to refund money stolen from the customers.
Cultural, Societal and Legal Outlook
The case shaped the legal environment when it came to customer settlement. Through the case courts, the court allowed for firms to compensate credit related cost that resulted from cyber breach. The breach affected the society since it led to 17,000 workers of Target being laid off in Canada. Target further laid off 1,700 workers in the United States. Target was also required to change its security and operational culture. They needed to appoint a security manager who would oversee through the monitoring and analysis of the system.
- Luckerson, V. (2013). Target Breach Shows You Can be a Victim of Cybercrime at a Brick and Mortar Store. Time, 112- 117.
- Radichel, T. (2014). Case Study: Critical Controls that Could Have Prevented Target Breach. New York: SANS Institute.