Essay Example on Target's Data Security: Ensuring Trust and Safety

Introduction

Information security is a crucial component of every organization. Information security has numerous definitions, but they all center on achieving integrity, confidentiality, and information or systems availability (Sumra et al., 2015). The goals mentioned above are vital since they guarantee trust and data safety. Concerning Target, the second-largest retail store in the United States, data security is critical in ensuring that administrations adopt best behaviors and protect customers' financial information and the organization's data. In the year 2013, Target faced a massive blow as it experienced a security breach that affected more than 70 million customers. Target's financial and personal data got stolen. A susceptibility in one of its dealers, Fazio Mechanical Services, made the breach possible. This paper targets to analyze the 2013 Target Breach and answer various questions that arise from the study.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Stolen Information from Target Corporation and its Security Effects

Since Target began its operations on May 1, 1962, at Roseville, Minnesota, it had strived to maintain a good customer relationship. Also, Target aimed at differentiating itself from other discount retailers by offering a variety of features at lower prices. After the company went public on October 18, 1967, then referred to as "Dayton Corporation," it expanded extensively across the United States. Today, Target is behind Walmart as the second-largest discount retail corporation. By 2014, Target had 1, 793 retail stores in the United States and had hired approximately 360 000 workers. Target's yearly returns amounted to $72.6 billion in 2014 (Reuters, 2017). Although Target had strived to set a class for its customers during its operational years, challenges were inevitable. One of the problems that hit Target happened in 2013 when it underwent an enormous data breach that compromised the financial data of millions of its consumers.

Breach Notification

The U.S Department of Justice contacted Target on December 12, 2013, after two security alerts got detected by malware in India and Minneapolis. The alerts happened on November 30, 2013, and December 2, 2013, respectively. After Target got contacted, it, together with the Federal Bureau of Investigation (FBI), started investigations immediately. Initially, Target had repudiated claims that debit card PINs had been compromised. However, later reports confirmed that it was true that the PINs had been stolen (Belock et al., 2013). The company provided another update on January 10, 2014, delineating the personal information that got compromised. The private information included addresses, names, email addresses, and phone numbers.

Effects of the Security Breach on Target’s Security

The security breach made Target feel threatened, and it responded by commissioning security specialists at Verizon to help in unveiling how the breach occurred. The 2013 security breach at Target saw 40 million debit and credit cards getting compromised. The offense also affected over 70 million customers (Belock et al., 2013). By losing customer trust, Target experienced a vast slash in its annual revenue accumulation.

Effects of the Security Breach on Target’s Customers

As mentioned above, some of the information that got stolen from the target were customer's email addresses, phone numbers, names, etc. This statement implies that the customer was at risk of losing goods and services. Customers' debit and credit cards are essential to access tools. Therefore, losing these items means that customer trust and worthiness get affected.

Control Measures to Avoid the Breach

The breach at Target stemmed from hijacked Fazio Mechanical Services credentials. Fazio is a third-party service provider and supplies refrigeration services and devices. The service provider started working with Target to improve the expansion of new food stores across the United States. However, claims state that Fazio was vulnerable to hackers' attacks due to its poor IT and security systems. For Target to avoid any security breach, the following control measures could have been a critical priority:

Monitoring all the security and IT systems of their vendors to ensure that they comply with the industry best practices, employ a qualified workforce and provide necessary surveillance facilities to help monitor their operations, Investigations revealed that once one had access to the internal target network, nothing could prevent the hacker from accessing the Point of Sale (POS) terminals. To solve this problem, Target could have provided a network segmentation. The segmentation could prevent a malicious user from traversing the network, thus making it impossible to access devices such as the POS. Target should have implemented a password policy and enforce it.

Reason Why Hackers Target the Retail Sector

The reasons that make the retail sector more vulnerable to hackers include: (1) Most retailers use the CNP or the Card-not-present data. The CNP is a form of a scam whereby the customer does not produce the card during a transaction directly to a merchant. This form of fraud is common in online purchases. Due to the rise of e-commerce, hackers are finding an easy path. (2) Most retailers still lag in technology by failing to update their legacy security systems. This negligence leaves the retailer and the customers at risk of attack. Due to the lack of advanced security systems in the retail sector, criminals use the chance to steal credit and debit card data, unlike the financial industry. (3) Hackers target the retail sector because most retailers do not use end-to-end encryption (P2PE) in their POS systems.

References

Belock, B., Fasheh, F., Mckeever, A., & O’Rourke, J. S. (2013). Target Corporation: Predictive Analytics and Customer Privacy. doi:10.4135/9781526403568

Reuters. (2017, May 24). Target Settles 2013 Hacked Customer Data Breach For $18.5 Million. Retrieved July 05, 2020, from https://www.nbcnews.com/business/business-news/target-settles-2013-hacked-customer-data-breach-18-5-million-n764031

Sumra, I. A., Hasbullah, H. B., & Manan, J. A. (2015). Using TPM to ensure security, trust and privacy (STP) in VANET. 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW). doi:10.1109/nsitnsw.2015.7176402