Case Analysis: “Cyber Breach at Target”
Group-2 | Sec D
After the cyber breach, Target's share price and sales fell by 8.8% and 6.6%
respectively. Target had to settle for $67 million with Visa and $40 million with MasterCard. It had to
spend roughly $290 million in breach-related costs, of which $90 million was expected to be
reimbursed by the insurers. 81 consumer cases, 28 bank cases and 4 shareholder cases were
filed against Target. Customers underwent a lot of hardship due to the delay in the discovery of
the breach.
Analysis
The breach led Target to realise that it had to remove the malware from its systems as soon as
possible, although no operations were disrupted. Repeated alerts about the malware attacks went
unnoticed, and Target reacted to the issue at hand after being notified by the Department of Justice.
It responded quickly and, along with the FBI and the Secret Service, began investigating the
matter. The customers were not informed about the breach and no public statement was issued
until the problem was pointed out by an independent blogger. The affected customers
(approximately 40 million credit and debit cards were impacted) were offered free credit and
theft monitoring for a year. It was later found that about 70-110 million customers were
impacted. Target invested heavily to maintain goodwill among its customers and ensured
that they would not be held liable for the fraudulent charges that resulted from the breach.
Recommendations
Some steps Target should have taken to prevent, or, at the very least, detect the breach are:
i) Stricter regulation, monitoring and upgrading of its vendors’ security arrangements. If the
firm had asked the vendors to track sensitive files, worked on building stronger firewalls
between internal networks and outsiders, used PCI DSS 2.1 standards and eliminated
unneeded default accounts, it might have avoided such a data loss.
ii) Paying heed to internally identified security threats prior to and at every stage of the attack,
especially at the recently upgraded POS systems, and taking forward the requests for further
review of these critical points of the payment system.
iii) Mandating two-factor authentication, a payment card industry standard for remote access.
iv) Ensuring a basic security protocol under which even low-level vendors like Fazio have measures in
place that prevent them from accessing internal, sensitive data such as customer and
payment information.
v) Segregating sensitive, internal information from information accessible by external sources.
vi) Develop an automated system or create a team to preliminarily verify each security threat
identified, and separate false positives from true positives, to ensure that all threats highlighted get
investigated and the necessary ones get followed up on.
vii) Construct a network structure that would instantly detect and alert on any foreign intrusion like
that of the hackers’ malware, and prevent the intruders from navigating through the internal networks,
much less updating the malware. An instant auto-close of all payment systems can be
triggered if such an intrusion is found at a set number of levels (recommended: 2 levels), maybe
even allowing for a small degree of false positives, as this breach dealt with highly critical and
sensitive data.
viii) Additionally, anti-malware can be purchased or developed by Target to be launched
automatically, as soon as such a breach is detected.
ix) Investigate why the function to auto-delete malware was disabled, and enable it if possible.
x) Trigger alarms to the CIO and store managers as soon as payment data on the servers
exceeds half a day.
xi) Creating a team specially dedicated to and accountable for actively developing and updating
security protocol and implementing it, to avoid a repeat, especially in the high-sales months.
This team would also be responsible for keeping these protocols in line with regulations.
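
Recommendations vi) and vii) can be read together as one triage rule: every alert is either queued for review or recorded as a documented false positive, and a host's payment systems are closed once two independent detection levels flag it. The Python sketch below is an added example, not part of the original analysis; `triage`, the layer names, the host names and the sample alerts are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

CONTAINMENT_LEVELS = 2  # recommendation vii: act once 2 detection levels agree

@dataclass(frozen=True)
class Alert:
    host: str    # system the alert refers to
    layer: str   # detection level that raised it (hypothetical names)
    detail: str

def triage(alerts, known_benign=frozenset()):
    """Return (review_queue, dismissed, hosts_to_contain).

    Every alert lands in exactly one of review_queue or dismissed, so no
    alert is silently dropped (recommendation vi). A host is contained
    when the distinct layers flagging it reach CONTAINMENT_LEVELS.
    """
    review_queue, dismissed = [], []
    layers_by_host = defaultdict(set)
    for a in alerts:
        if (a.layer, a.detail) in known_benign:
            dismissed.append(a)  # documented false positive, still recorded
            continue
        review_queue.append(a)
        layers_by_host[a.host].add(a.layer)  # repeats from one layer count once
    contain = sorted(h for h, layers in layers_by_host.items()
                     if len(layers) >= CONTAINMENT_LEVELS)
    # Stable sort: alerts for hosts being contained are reviewed first.
    review_queue.sort(key=lambda a: a.host not in contain)
    return review_queue, dismissed, contain

# Constructed sample alerts (not data from the Target incident).
SAMPLE = [
    Alert("pos-017", "endpoint-av", "unknown binary on payment terminal"),
    Alert("pos-017", "endpoint-av", "unknown binary on payment terminal"),
    Alert("pos-017", "network-ids", "outbound transfer to unlisted server"),
    Alert("hr-004", "network-ids", "scheduled backup to approved server"),
    Alert("pos-022", "endpoint-av", "unknown binary on payment terminal"),
]
BENIGN = frozenset({("network-ids", "scheduled backup to approved server")})

if __name__ == "__main__":
    queue, dismissed, contain = triage(SAMPLE, BENIGN)
    print("contain:", contain)
    print("review first:", queue[0].host, "| dismissed:", len(dismissed))
```

Counting distinct layers rather than raw alerts keeps a single noisy sensor from shutting down payment systems on its own, which is the trade-off recommendation vii) accepts when it allows a small degree of false positives.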