Cyber Breach at Target


CYBER BREACH AT TARGET

INFORMATION SYSTEM FOR MANAGERS


CASE ANALYSIS GROUP 5

HEERANSH SINGH - 2022PGP160


MRIGANK ANAND - 2019IPM078
JAAHNVI MOHAN - 2022PGP171
VARUN LALA - 2022PGP440
ZENITH LAKHRA - 2022PGP459
INTRODUCTION

• Target was established by George Dayton as a discount store focusing on customers who could not afford the high-priced department stores.
• The first Target store was opened in 1962 by the Dayton Company, at the same time as Walmart and Kmart.
• Target’s USP was selling quality products at lower prices in an upscale environment, and it embodied the slogan “Pay Less, Expect More”.
• Target is the 8th largest retailer in the USA, with 1800+ stores across the USA, and sells items like household essentials, food, beverages, apparel, accessories, etc.
WHAT IS DATA BREACH?

• According to Investopedia, “A data breach (also known as data spill or data leak) is unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap that happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner.”
• Target had suffered a data breach in November 2013, which was one of the largest cyberattacks in history.
• Hackers stole credit and debit card information of 40 million customers, and 70 million records of personal information including their email id and home address data.
TIMELINE OF THE CYBER BREACH
• Sep’13: Hackers, unknown location - initiate a phishing email campaign against one of Target's external vendors, Fazio Mechanical Services. Hackers stole all of Fazio's passwords.
• 15th-28th Nov’13: Hackers gained access to Target's network using Fazio's credentials and attacked a small number of POS (point-of-sale) systems.
• 30th Nov’13: The majority of Target POS systems had been affected. Malware installed – Citadel RAM Scraping attack method.
• 2nd Dec’13 onwards: Exported the collected data to an external server based in Russia.
• 12th Dec’13: US Dept of Justice contacted Target about the breach. JP Morgan Chase began alerting credit card companies of a pattern of fraudulent credit card charges initiated at Target.
• 14th-15th Dec’13: Target hired a third-party forensics team to investigate the breach. The internal team confirmed the attack and Target removed the malware from its systems.
• 18th Dec’13: Krebs on Security, an online security blog, gave the first public indication of the breach.
TARGET ANNOUNCES THE BREACH
• 19th Dec’13: Target posted on its corporate website and press release - Aware of unauthorized access to payment card data.
• 20th Dec’13: Target denied theft of PIN numbers, offered free credit and theft monitoring for affected customers for a year.
• 21st-22nd Dec’13: 10% employee discount offered to customers shopping in Target stores.
• 25th Dec’13: Payment executive familiar with the breach stated the breach of information.
• 27th Dec’13: Target reversed its earlier position to confirm the theft of PIN information; in addition, CVV numbers and expiration dates had been compromised.
• 10th Jan’14: Outlined the fact that personal information was also part of the breach.
WHAT WENT WRONG?

• FAZIO MECHANICAL SERVICES: Target did not monitor the security arrangements of Fazio, while Fazio used a free version of a security product called "Malwarebytes Antimalware".
• FIREEYE, INC.: The cybersecurity monitor raised an alert, which was ignored. The automatic malware detection and deletion option had been turned off by Target's security team.
• SECURITY TEAM: Non-compliance with the PCI 2.0 norms, which were the bare minimum standards. Weak controls within Target's network made it easier for the hackers to crack the system. The data was then moved from Target’s network, and the stolen data was aggregated at a different proxy network.
WHO CAUSED THE ATTACK?

• Data thefts of this magnitude are usually the work of an organized crew of cybercriminals specializing in stealing data from vulnerable sources.
• The perpetrators behind this attack were from Russia, Ukraine and Romania; a similar crew was responsible for another such attack on ‘Home Depot’ in 2014.
• Once the stolen data was moved from Target’s network, it was shifted to a server in Moscow, and the stolen data was traded in cryptocurrency on rescator.so (dark web).
CONSEQUENCES OF THE DATA BREACH?

Financial losses incurred by Target:

• Q4 sales fell by 6.6%, net earnings dropped by 46%.
• Stock price fell 8.8% within 6 weeks of the breach announcement.
• $162Mn incurred in costs by the end of 2014.
• Reached a settlement with the customers ($10,000 for documented expenses).
• $67Mn settlement with Visa and $40Mn settlement with Mastercard and other banks.
• Additional legal consultation costs.
• Costs incurred towards customer retention.
CONSEQUENCES OF THE DATA BREACH?

• Faced scrutiny by various investigation agencies, govt. institutions, media, etc.
• Lost customer trust and holiday season sale opportunities
• Lawsuits from customers, banks, credit card services, and investors
• Individual lawsuits against the board of directors
• Major loss of brand reputation
SOLUTIONS

• Monitoring vendors’ security arrangements.
• Abiding by the Payment Card Industry (PCI) standard.
• Firewall configuration.
• Ensuring only allowed ports, services, and IP addresses are communicating with the network.
• Segregating the payment processing network from other non-payment processing networks.
• Implementing hardware-based point-to-point encryption.
• Eliminating unneeded default accounts.
CONCLUSION

With the increase in data breaches and cyber crime in recent years, it is the responsibility of the firm to adhere to industry standards in building and maintaining firewalls, protecting sensitive information, monitoring their networks, being attentive to security warnings and correcting unsound practices.
THANK YOU
