Get instant access to this case solution for only $15

Autopsy of a Data Breach The Target Case Case Solution

Solution Id Length Case Author Case Publisher
2354 1815 Words (7 Pages) Line Dube HEC Montreal Centre for Case Studies : HEC130
This solution includes: A Word File A Word File

In November 2013, target corporation – one of the leading retailers and merchants in the USA, fell victim to one of the largest cyber-breaches in history. Planned and executed during the busy holiday season, the breach occurred when remote intruders and cyber criminals hacked into the company’s network via taking advantage of a vulnerability in the firm’s IT infrastructure and processes. The breach resulted in a compromise on the personal as well as financial information for over 100 million target customers. The case describes and follows the details of the breach, the circumstances in which it occurred, as well as the consequences that the company as well as the customers faced as a result of the breach. The case also explores the target’s response to the breach. 

Following questions are answered in this case study solution

  1. Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.

  2. What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?

  3. In your own words, explain the concept of Operational Risk as it relates specifically to technology.

  4. Define and explain the key attributes of the IMF’s measures to strengthen resilience to cyber risk.

  5. How would you apply the IMF framework relating to measures to strengthen resilience to cyber risk to the Target case?

Case Analysis for Autopsy of a Data Breach The Target Case

1. Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.

In September 2013, the target was certified with the international standard PCI DSS (Payment Card Industry Data Security Standard). This ensured security for the financial information of the customers for both – smaller and bigger merchants.

Between November 15 and27, however, the cybercriminals ran tests on target’s software and data management to ensure everything was working properly. A few days later, malicious software was installed on all of Target’s terminals which allowed the cybercriminals to access, and make a copy of all the card numbers used. 

On November 30, 2013, the target had started receiving escalating alerts of level 1 by its monitoring system regarding fraudulent activity. However, local teams and analysts for target had dismissed it as being unimportant, and saw it as unnecessary to take any action regarding it.

On December 13, 2013, target received notification from, representatives from the U.S. Department of Justice regarding large fraudulent debit and credit card activity that shared common ground in the transactions made at target.

On December 19, 2013, the retailer announced a breach in its security and data management systems- announcing the theft of over 40 million debit and credit cards used to make purchases in its stores within the USA between November 27 and December 18.

On January 10, 2014, target further announced that cyber criminals had also stolen the personal information of customers – including names, phone numbers, omen addresses, and email addresses of around a 70millon customers.

The cybercriminals were able to access the data by identifying and exploiting vulnerabilities in Target’s infrastructure- through simply sending a phishing email to one of its vendors located in Pennsylvania - the HVAC firm Fazio Mechanical Services. An employee from the same replied to a phishing email, giving access to the information needed by cybercriminals tore motley penetrate target’s network by focusing on the POS terminal network that managed the payment systems within the company. Further, the cybercriminals worked during the network’s normal peak traffic periods to avoid drawing attention. 

2. What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?

The breach at target proved how easy it is for cybercriminals and hackers to tunnel from one part of a corporate network to another. The breach has given way to a number of lessons. An important lesson learns from the incident of the breach is regarding the vulnerabilities that merchants face because of their relation to third parties. The incident has highlighted the need for the segmentation of networks by merchants. Moreover, the breach has also identified the need for a more comprehensive security package for merchants – instead of just relying on the certification for PCI SSC. Target was compliant with the latter, and still faced a breach – identifying loopholes in the security offered. 

Get instant access to this case solution for only $15

Get Instant Access to This Case Solution for Only $15

Standard Price

$25

Save $10 on your purchase

-$10

Amount to Pay

$15

Different Requirements? Order a Custom Solution

Calculate the Price

Approximately ~ 1 page(s)

Total Price

$0

Get More Out of This

Our essay writing services are the best in the world. If you are in search of a professional essay writer, place your order on our website.

Essay Writing Service
whatsapp chat icon

Hi there !

We are here to help. Chat with us on WhatsApp for any queries.

close icon