The Target Data Breach

The Target Data Breach

Beginning around Black Friday of 2013, credit card users reported that there had been suspicious activity on their credit cards, these accusations lead to the discovery of the Target Data Breach in early 2014. The Target Data Breach was reported by Target to have theft of forty million credit card and debit card numbers, and maybe people began to question how the breach occurred, how Target managed to find the breach and shut it down, and what happened to their data after their credit cards were stolen.

Targets data breach was made possible due to a simple error with the separation of networks. The retailer had not properly divided their networks, the credit card system that had handled all of the customers personal information had been tampered with. The hackers gained access into the network from stolen credentials from a heating and ventilation company. Once inside of the network, hackers uploaded many versions of a malware onto all cashier stations in domestic stores, and on December 2, 2013, credit card numbers began to flow out of the Target networks and into a databank in Moscow. Months prior, Target installed a new security system which was suppose to include a feature that could have eradicated the malware was left turned off because it was “mistrusted by Target security personal”(Bertrand, 2014). If this feature had been left on, this breach would have been eradicated before it even began.

On November 30, Targets security experts in Bangalore informed the security team in Minneapolis. After this information was sent along, nothing ended up happening, and it was almost like the breach never happened. The hackers began to download all the information into their Moscow database on December 2, 2013, which once again sent another notification to Target security officials, which was once again not acted on. It wasn’t until December 12, 2013, when Target received a notification from federal law enforcement that there had been a breach in their systems, this is when they decided to act. After receiving the notification, Target confirmed the breach and eradicated the breach on December 15, 2013, also confirming that forty million credit and debit card numbers had been stolen.

After all the information made its way from United States servers into a Moscow database, the hackers decided it would be best to sell the information on the underground market. The magnetic strip on the back of credit cards contain all account information needed to make a purchase, including the card number, the card holders name, expiration date, and the CVV. With all this information, the hackers could sell this data on the underground market from prices averaging at $27 a card. This number would obviously fluctuate based on the cards expiration date, the type of card, and how high the limit on the card was. It was estimated that the hackers generated an income of $53.7 million from this one breach. All in all, the Target data breach ended up costing Target $252 million, which includes insurance reimbursement and tax deductions. Without these deductions and reimbursements, the net losses for Target was $105 million.

Overall, the Target data breach could have been stopped right when it happened if correct security protocols had been followed. Due to the laziness of Target security, even after being informed of a breach, it lead to the loss of $252 million. Without the assistance from the United States Department of Justice, the Target data breach could have lasted much longer, simply do the fact that it seemed that no on e at Target had been acting on the notifications. Hackers sold a majority of the information that they had received in the underground market, and made a very large profit off of it. The Target data breach lead to financial institutions issuing credit cards with a chip in the cards. This chip offers a level of encryption that is much harder to break, which had been previously used all across Europe for a time being before the Target data breach. This is how target managed to go about their data breach and how they discovered it, among that process they leaned much more about hackers and how they managed to gain control of personal information and what the hackers did with that data after the cards were swiped at the store. References

It turns out Target could have easily prevented its massive security breach. (2014). Retrieved March 07, 2016, from http://bgr.com/2014/03/13/target-data-hack-how-it-happened/

Bertrand, N. (2014). Here’s What Happened To Your Target Data That Was Hacked. Retrieved March 07, 2016, from http://www.businessinsider.com/heres-what-happened-to-your-target-data-that-was-hacked-2014-10

Data breaches may cost less than the security to prevent them – TechRepublic. (n.d.). Retrieved March 07, 2016, from http://www.techrepublic.com/article/data-breaches-may-cost-less-than-the-security-to-prevent-them/

Target breach happened because of a basic network segmentation error. (n.d.). Retrieved March 07, 2016, from http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html