
Autopsy of a Data Breach The Target Case Case Solution

Solution Id: 2354
Length: 1815 Words (7 Pages)
Case Author: Line Dube
Case Publisher: HEC Montreal Centre for Case Studies : HEC130
This solution includes: A Word File

In November 2013, Target Corporation, one of the leading retailers and merchants in the USA, fell victim to one of the largest cyber-breaches in history. Planned and executed during the busy holiday season, the breach occurred when remote intruders and cybercriminals hacked into the company’s network by taking advantage of a vulnerability in the firm’s IT infrastructure and processes. The breach resulted in the compromise of personal as well as financial information for over 100 million Target customers. The case describes and follows the details of the breach, the circumstances in which it occurred, and the consequences that the company and its customers faced as a result. The case also explores Target’s response to the breach.

The following questions are answered in this case study solution:

  1. Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.

  2. What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?

  3. In your own words, explain the concept of Operational Risk as it relates specifically to technology.

  4. Define and explain the key attributes of the IMF’s measures to strengthen resilience to cyber risk.

  5. How would you apply the IMF framework relating to measures to strengthen resilience to cyber risk to the Target case?

Case Study Questions Answers

1. Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.

In September 2013, Target was certified with the international standard PCI DSS (Payment Card Industry Data Security Standard). This standard ensures the security of customers’ financial information for both smaller and bigger merchants.

Between November 15 and 27, however, the cybercriminals ran tests on Target’s software and data management to ensure everything was working properly. A few days later, malicious software was installed on all of Target’s terminals, which allowed the cybercriminals to access and make a copy of all the card numbers used.

On November 30, 2013, Target started receiving escalating level 1 alerts from its monitoring system regarding fraudulent activity. However, Target’s local teams and analysts dismissed them as unimportant and saw it as unnecessary to take any action.

On December 13, 2013, Target received notification from representatives of the U.S. Department of Justice regarding large-scale fraudulent debit and credit card activity whose common ground was transactions made at Target.

On December 19, 2013, the retailer announced a breach in its security and data management systems, announcing the theft of over 40 million debit and credit cards used to make purchases in its stores within the USA between November 27 and December 18.

On January 10, 2014, Target further announced that cybercriminals had also stolen the personal information of customers, including names, phone numbers, home addresses, and email addresses, of around 70 million customers.

The cybercriminals were able to access the data by identifying and exploiting vulnerabilities in Target’s infrastructure, through simply sending a phishing email to one of its vendors located in Pennsylvania, the HVAC firm Fazio Mechanical Services. An employee of that firm replied to a phishing email, giving the cybercriminals the information they needed to remotely penetrate Target’s network, focusing on the POS terminal network that managed the payment systems within the company. Further, the cybercriminals worked during the network’s normal peak traffic periods to avoid drawing attention.

2. What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?

The breach at Target proved how easy it is for cybercriminals and hackers to tunnel from one part of a corporate network to another. The breach has given way to a number of lessons. An important lesson learned from the incident concerns the vulnerabilities that merchants face because of their relationships with third parties. The incident has highlighted the need for merchants to segment their networks. Moreover, the breach has also identified the need for a more comprehensive security package for merchants, instead of just relying on the certification for PCI SSC. Target was compliant with the latter and still faced a breach, which identifies loopholes in the security offered.
