Module_3.2

School: Southern New Hampshire University
Course: 260
Subject: Information Systems
Date: Jan 9, 2024
Uploaded by JudgeWorld11937

The 2013 Target data breach was one of the most high-profile data breaches of the decade, impacting customers across the country. Cybercriminals used an email-based phishing scam to trick an employee of one of Target’s third-party vendors, an HVAC contractor, into providing their credentials (Young, 2021). The stolen credentials were then used to infiltrate Target’s network and install malware on several point-of-sale systems on November 15th. The attackers officially launched the malware and began collecting customer data from Target’s point-of-sale systems on November 27th. Three days later, the malware was detected, and Target HQ was notified (Mukumbi, 2016). It was not until it was notified about the malware by the U.S. Department of Justice on December 12 that Target began to investigate the incident. Target released an official statement on the matter on December 19, 2013 (Rockefeller, 2014). The breach led to several point-of-sale systems being compromised by malware, giving cybercriminals access to millions of customers’ personal and financial data (Young, 2021). It is not known who was directly responsible for the attack; however, the malware, named “BlackPOS”, was coded and developed by two Russians, ages 17 and 23 at the time, with the aim of selling the program for use in security testing (Kumar, 2014). It is believed they had the help of another anonymous programmer they met online, who used the exploit for malicious purposes. The malware, or portions of it, was later found to have been involved in other attacks too (Kumar, 2014). Target faced many consequences in the aftermath of the breach, including recovery expenses, hundreds of lawsuits, decreased customer confidence, lost profits, and widespread criticism related to the company’s delayed initial response (Steinberg, 2021).
The ethical issues of the case include the failure of Target to protect its customers’ data, the lack of transparency in Target’s initial response to the breach, and the potential violation of customers’ privacy rights (Young, 2021). The key members involved in the case include Target’s corporate leadership, the management team, the cybersecurity team, and the customers whose data was compromised. Accountability for risk management, the slow crisis response, and the reputational damage suffered rippled to the very top of Target leadership as well as the entire retail industry (Steinberg, 2021). The significance of the case lies in the fact that it highlights the importance of cybersecurity and the need for organizations to take proactive measures to protect their customers’ data. One ethical framework that can be used to analyze this case is the utilitarian framework. The utilitarian framework focuses on maximizing the overall happiness or well-being of society and on the impact of decisions. The principles from this framework that apply to the case include the need to protect customers’ privacy rights, the importance of transparency in communication, and the need to take proactive measures to prevent data breaches (SNHU, n.d.). The utilitarian framework can be used to examine the ethical issues of the case by evaluating the impact of Target’s actions on its customers and society, which helps identify the ethical implications of the case. For example, Target’s failure to protect its customers’ data resulted in a breach of their privacy rights and caused widespread financial and emotional harm. The breach led to several point-of-sale systems being compromised by malware, giving cybercriminals access to millions of customers’ personal and financial data. This caused a great loss of trust in Target and a decrease in customer confidence.
The ISC2 code of ethics is a collection of requirements that apply to how information security professionals act, interact with others, including employers, and make decisions (Infosec, 2022). The 2013 Target data breach highlights several ethical issues that are addressed by the ISC2 code of ethics. Target failed to protect its customers’ data, which is a violation of the code’s principle of protecting society, the common good, necessary public trust and confidence, and the infrastructure. Target’s lack of transparency in its initial response to the breach is a violation of the code’s principle of acting honorably, honestly, justly, responsibly, and legally. The potential violation of customers’ privacy rights is also a violation of the code’s principle of providing diligent and competent service to principals (ISC2, n.d.). The ISC2 code of ethics can be used to analyze the case by evaluating Target’s actions against the principles outlined in the code. Target’s failure to protect its customers’ data is a clear violation of the code’s principle of protecting society, the common good, necessary public trust and confidence, and the infrastructure (Infosec, 2022). By analyzing Target’s actions against the principles outlined in the code, it becomes clear that Target failed to meet its ethical obligations to protect its customers’ data and prevent data breaches. In conclusion, the 2013 Target data breach highlights the importance of cybersecurity and the need for organizations to take proactive measures to protect their customers’ data. By analyzing the case using ethical frameworks and professional codes of ethics, it becomes clear that Target failed to meet its ethical obligations to protect its customers’ data and prevent data breaches. Organizations can learn from this case by taking proactive measures to prevent data breaches and protect their customers’ privacy and security.
References

ISC2. (n.d.). ISC2 Code of Ethics. Retrieved November 8, 2023, from https://www.isc2.org/Ethics

Rockefeller, C. (2014, March 26). A “Kill Chain” Analysis of the 2013 Target Data Breach. U.S. Senate Committee on Commerce, Science, & Transportation. Retrieved November 8, 2023, from https://www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883

Young, K. (2021, November 1). Cyber case study: Target data breach. CoverLink Insurance - Ohio Insurance Agency. Retrieved November 8, 2023, from https://coverlink.com/cyber-liability-insurance/target-data-breach/

Steinberg, S., Neary, A., & Neary, S. (2021). Target cyber attack: A Columbia University case study. Columbia SIPA. Retrieved November 8, 2023, from https://www.sipa.columbia.edu/sites/default/files/2022-11/Target%20Final.pdf

Mukumbi, K. (2016). Target's debit/credit card data breach. In Sage Business Cases. SAGE Publications, Ltd. Retrieved November 8, 2023, from https://doi.org/10.4135/9781473953369

Infosec. (2022, March 7). The (ISC)2 code of ethics: A binding requirement for Certification. Retrieved November 8, 2023, from https://resources.infosecinstitute.com/certifications/cissp/the-isc2-code-of-ethics-a-binding-requirement-for-certification/

SNHU. (n.d.). Guide to Ethics. Brightspace. https://learn.snhu.edu/d2l/le/content/1432820/viewContent/28037553/View

Kumar, M. (2014, January 21). 23-year-old Russian hacker confessed to be original author of BlackPOS malware. The Hacker News. https://thehackernews.com/2014/01/23-year-old-russian-hacker-confessed-to.html