Target Attack

School: Northern Virginia Community College
Course: MISC
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 3
Uploaded by rsankeyca

Case Study 2: The Target Attack

Describe what happened

On December 15, 2013, Target employees found malware on their cash registers. The malware was removed by the staff immediately. On December 19, 2013, Target reported that the breach occurred during the holiday period and that 40 million credit card holders' information had been compromised. On December 27, 2013, Target reported that encrypted personal identification numbers had also been compromised. By January 17, 2014, Target reported that the breach may have affected up to another 70 million customers, with names, addresses, and phone numbers stolen (Grama, 2022).

The breach occurred through a third-party vendor for Target. The HVAC company had credentials from an employee stolen through a phishing scheme. The HVAC company's connection to Target was for billing and contracts, not for monitoring the HVAC system, and it allowed the hackers to send malware into the network (Mittelstaedt, et al., 2014). The HVAC company was also targeted by the hackers, as discussed by Kirk (2014); however, the financial responsibility fell to Target (Kirk, 2014).

Describe any laws or regulations that may have been violated

The breach violated the Payment Card Industry Data Security Standard (PCI DSS), which is explicit in stating that any merchant that accepts credit cards must assure that safeguards to protect information are used. Target failed to protect card information, implement strong access controls, and maintain a secure network. Target had a security program on its system that was being monitored. Target was alerted when the malware was installed on the system but failed to act. It is unclear what security methods the third-party vendor used, which gave the hackers access (Rockefeller report, 2014).

How would you feel as a consumer if your personal information was stolen in this case?

I would feel violated and vulnerable if I had been one of those affected. I would be very angry that Target was alerted that there was an attack on their system and failed to act to assure my information was protected. If I had suffered an identity theft requiring lawsuits to prove my innocence, I would be infuriated.

How should Target customers be reassured that this won't happen again?

The Target breach did help to change the security of the actual credit card by switching to chip and PIN, which helps with security. Target should provide information about their security protocols to customers and should not require customer loyalty cards for any type of discount. Third-party vendors should be banned from access to Target's websites or, if being used for utilities, should have a separate network that has no access to customer accounts.

References:

Grama, J. L. (2022). Legal and privacy issues in information security (3rd ed.). Jones & Bartlett Learning.

Kirk, J. (2014, February 7). Target contractor says it was victim of cyber attack. InfoWorld. Retrieved March 11, 2022, from https://www.infoworld.com/article/2609942/target-contractor-says-it-was-victim-of-cyber-attack.html

Scott, G., Mittelstaedt, T., Hall, J., McFarland, T., Johannes, R., Lantz, C., & Roche, T. (2014, February 12). Email attack on vendor set up breach at Target. Krebs on Security. Retrieved March 11, 2022, from https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

Majority Staff Report for Chairman Rockefeller. (2014). (rep.). A "Kill Chain" analysis of the 2013 Target data breach.