Target Breach: 70M Records Stolen, 2nd Largest Retail Breach Ever

Date:  2023-06-06

The Target breach is the second-largest retail security breach, after the TJX breach in 2007. The company operates 1,797 stores in the U.S. and 124 in Canada. The breach took place when an unauthorized person accessed the sensitive information of its customers. The breach affected more than 41 million of the company's customers, and 70 million records of personal information were stolen. The breach at Target Corp. exposed the credit card and personal data of the customers. According to a source during the investigation of the 2013 data security breach, the data breach began with a malware-laced phishing email sent to employees at an HVAC firm.


Reasons why Target Failed to Stop the Security Breach

Securing massive numbers of connected systems is technically challenging, especially for a company like Target, which possesses vast networks across the nation. The company took some steps to avoid security breaches because of reports of retail breaches within America. Those reports indicated that cybercriminals had targeted depots and retailers six months before the Target breach (Bankinfosecurity, 2014). Target took the initiative to guard against malware and data exfiltration attacks. The company deployed FireEye, a well-known and reputable intrusion and malware detection service that was guided by the CIA during its early development. The deployment did not prevent the breach from happening, because multiple malware alerts were ignored and administrators who were not familiar with the FireEye system turned off some prevention functionalities. Hence Target Corp. missed the early discovery of the breach.

The breach took place between November 27 and December 19, exposing the customers' names and credit and debit card numbers; the expiration dates, verification values, and three-digit security codes of the cards were also exposed. The breach was not detected for weeks because Target's network was exploited from both technical and legal perspectives. Even after the investigations were carried out, there is no report that the cybercriminals were arrested, and this practice makes it legal for hackers to gain unauthorized access to the data of various companies within the nation (Bankinfosecurity, 2014).

With the increasing number of security breaches, many people have come to wonder about the usefulness of existing security devices, solutions, distributions, and executions in protecting people against a breach. It is understood that the theft of the credit card information of 40 million Americans has a huge negative impact on the retailer's reputation and its customers (Bankinfosecurity, 2014). There are several ways in which the company can encourage its customers to apply data security strategies as a way of reducing data leaks. Looking at the timeline between when Target suspected the breach and the time the malware was removed, we find that many people find it difficult to trust the company again and opt for other retailers.

Many people have come up with theories about the breach at Target and about what happened before and after it, yet none of them has been confirmed to be true. Before the breach was reported to the press, we find that the company had enough time to stop it, but did not because it trusted the security devices it had installed before the breach. For instance, there is a timeline written so that those affected during the attack may understand what took place.

What happened during the Target Breach

In September, hackers compromised Fazio Mechanical Services, but the company ignored the malware warning even though the company's credentials were first compromised before the breach. By compromising Fazio Mechanical Services, the hackers accessed Target's network and identified the weak points to exploit. Some of the company's vulnerabilities were used to build bridges for reaching data, while others were used to gain access to the data of the company's customers. These vulnerabilities made the hackers aware of all the sensitive and non-sensitive networks within the company, leading them to choose the sales network as the weak and non-sensitive network. On November 15, cybercriminals broke into Target's network and tested malware on POS machines. Instead of preventing them from testing the malware, we find that some administrators turned off FireEye with the excuse that they did not know what FireEye was and why it was in the building.

On November 27, when the attackers began to collect credit card data, the company did not alert its customers about what they should do when they receive a fraud alert. On November 30, when the POS malware was fully installed and the attackers installed data exfiltration malware, triggering Symantec and FireEye alerts, the company ignored the warning, believing there was no security breach. On December 2, the attackers began to move credit card data out. When additional FireEye alerts were triggered, the company decided to report the security breach for investigation. After notification by Justice on December 12, the breach did not stop; instead, 70 million more records of personal information were acquired by the attackers. On December 15, Target removed most of the malware, after the hackers had done more harm than good to the company's reputation.

After the breach, many parties got involved in investigating what led to it. Some of the parties are the FBI, the United States Secret Service, and iSIGHT Partners, among others. Companies like H.P. were also involved in the discovery of the malware and notified Target about the marketing of the stolen credit card information. Some of the company's customers also suggest that the compromise is most likely connected to an insider, giving as reasons the examples of the Snowden/NSA and Wikileaks/Bradley Manning affairs. It is believed that insiders can cause great damage to Target Corp. because of some basic controls that they may have in place. There is a possibility that the company protected its systems from external intruders but did not apply the same measures when it came to securing insider access. It is also possible that the debit and credit card information was taken from Target's switching system for approval and settlement, and that this was not stopped because of remotely installed malware.

Security experts say the breach of Fazio Mechanical Services Inc., a refrigeration vendor that serves Target Corp., may have played a role in the company's point-of-sale malware attack. The company announced that the breach was the result of hackers stealing electronic credentials from one of its vendors. Later on, a "sophisticated cyber-attack operation" was reported by Fazio Mechanical Services. As a result, the vendor breach led the hackers to Target's POS network. The hacking of Target's POS network would have been possible if the hackers got into the contractor account as a means of finding their way over to the POS systems. This was possible because customers' data was inadequately segmented from the contractor environment, which allowed the Target network to be penetrated. The hackers realized that the company's credentials were compromised, and they pushed their way into the cardholder data location from the contractor's network segment.

In January 2014, Target confirmed that a breach of an unnamed vendor was used to access its network. The breach could have been carried out by installing the malware through the network perimeter using various vectors. First, the hackers may have used remote administration channel attacks before going on to manipulate weaknesses in the external network of the company. This may have been made possible by misconfiguration errors in the network infrastructure. To avoid this kind of possibility, the Target network should be segmented and divided according to the PCI agreement.
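The segmentation point above can be checked mechanically. The following is an added example, not part of the original essay: it walks a set of firewall allow-rules and reports any chain of permitted hops from a contractor-facing zone into the cardholder data environment (CDE). All zone names, ports and rule sets are constructed for illustration, and treating the POS update server as part of the CDE is an assumption.

```python
from collections import deque

# Constructed allow-rules: (source zone, destination zone, port). Zone names are hypothetical.
FLAT_RULES = [
    ("vendor_portal", "corp_servers", 445),
    ("corp_servers", "pos_update_server", 443),
    ("pos_update_server", "pos_terminals", 8443),
    ("pos_terminals", "payment_switch", 5000),
]
SEGMENTED_RULES = [
    ("vendor_portal", "billing_app", 443),  # vendors reach only the billing app
    ("pos_update_jump_host", "pos_update_server", 443),
    ("pos_update_server", "pos_terminals", 8443),
    ("pos_terminals", "payment_switch", 5000),
]
# Assumption: the update server pushes code to POS terminals, so it is in CDE scope.
CDE_ZONES = {"pos_update_server", "pos_terminals", "payment_switch"}
UNTRUSTED_ZONES = {"vendor_portal"}


def paths_into_cde(rules, untrusted=UNTRUSTED_ZONES, cde=CDE_ZONES):
    """Return the shortest allow-rule chain from each untrusted zone to each
    CDE entry point it can reach, including multi-hop (transitive) chains."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    findings = []
    for start in sorted(untrusted):
        queue, seen = deque([(start, [start])]), {start}
        while queue:
            zone, path = queue.popleft()
            for dst, port in graph.get(zone, []):
                if dst in seen:
                    continue
                seen.add(dst)
                hop_path = path + [f"{dst}:{port}"]
                if dst in cde:
                    findings.append(hop_path)  # report at the CDE boundary
                else:
                    queue.append((dst, hop_path))
    return findings


if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        hits = paths_into_cde(rules)
        print(name, "FAIL" if hits else "PASS")
        for chain in hits:
            print("  " + " -> ".join(chain))
```

No single rule in the flat set allows the vendor zone to talk to a POS system directly; the finding only appears when the rules are followed transitively, which is why a per-rule review can miss it.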

Target suggested that the breach was an outside attack. The breach took place through the infrastructure that Target uses to send updates down to its point-of-sale terminals. Given the breadth of the attack, the breach was initiated at the network level. The attack was on its systems, and the transactions were not impacted. The malware was automatically downloaded to the hackers' server giving them access to 40,000 of the company's 60,000 point-of-sale terminals. Once infected with the malware, the devices were instructed to accumulate and forward mag-stripe information gathered during transactions at the point of sale (POS). The data disclosure was likely caused by a POS system attack, because both the expiration dates and CVVs were lost.

As soon as the company was made aware of the breach, Target alerted authorities and financial institutions. Target also partnered with a leading third-party forensics firm to conduct a thorough inquiry into the event. Customers who suspected that their cards were affected were instructed to contact Target directly and monitor their credit accounts. There are doubts about whether the attackers visited the 1,800 US stores affected during the attack. Instead, the breach was a virtual intrusion: no significant personal identification number (PIN) fraud was reported, making it likely that the PINs used in debit card transactions were not exposed during the breach. This was confirmed by FICO Card Alert Service, which reported that there is no evidence that PINs are in play and being used for unauthorized ATM withdrawals (Bankinfosecurity, 2013).

The investigation of the breach concluded that outdated magnetic stripes contributed to the data breach. The mag-stripes on payment cards are vulnerable to skimming. To avoid future breaches, Target Corp. should move to chip/smart cards. When customers use chip payments under the Europay, MasterCard, and Visa standard, there is no possibility of accessing the CVV data from a chip-based transaction (Bankinfosecurity, 2013). Replacing static CVV values with dynamic CVVs through the use of EMV chip cards is more secure, stopping hackers from counterfeiting cards with stolen transaction data. Although Target made a lot of effort to protect the customer data generated from magnetic-stripe card transactions, hackers will find a way to get the secured information. The best way for the company to overcome the challenge is to adopt secure EMV chip cards.

How credit card retailers should handle a security breach

Banks should focus on informing their customers about monitoring their accounts for any fraudulent activity (Bankinfosecurity, 2013). Where banking institutions offer fraud alerts, customers should take advantage of them and report to the relevant authority. According to financial institution executives, 28% of customers affected during the breach are likely to have their cards misused to commit fraud. The retailer should be held to a higher standard of data security. The company should be clear about how it reaches out to its customers. This helps customers identify legitimate communication so that they are not fooled into divulging personal information to criminals. The breach offers fertile ground for social-engineering schemes, such as text messages and phone calls, aimed at acquiring information from Target customers. Banks should have a secure online banking website for communicating with their customers in case the need to replace their cards arises. Banks should also encourage their customers to change the PINs associated with their cards.

Ways to Avoid Future Breaching in Target Corp.

The forensic investigation done after the attack showed that the Target breach was more likely the result of a sequence of attacks conducted over a long period. On many occasions, customers of an organiz...

Cite this page

Target Breach: 70M Records Stolen, 2nd Largest Retail Breach Ever. (2023, Jun 06). Retrieved from https://proessays.net/essays/target-breach-70m-records-stolen-2nd-largest-retail-breach-ever
