Target: The Largest Data Breach/Attack Essay

1651 words - 7 pages

In December 2013, Target was attacked by a cyber-attack due to a data breach. Target is a widely known retailer that has millions of consumers flocking every day to the retailer to partake in the stores wonders. The Target Data Breach is now known as the largest data breach/attack surpassing the TJX data breach in 2007. “The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised.” (Timberg, Yang, & Tsukayama, 2013) The data breach occurred to Target was a strong swift kick to the guts to not only the retailer/corporation, but to employees and consumers. The December ...view middle of the document...

Investigators who examined the malware quickly noticed that it was designed to move data stolen from Target’s (then malware-infected) cash registers to a central collection point on Target’s network, a Windows domain called ”\TTCOPSCLI3ACS\”.
Regulatory and Industry Standards
Target, as a whole, is huge corporation/business. As a business, in order to stay open and run functionally, Target has to abide by regulatory and/or industry standards. The two regulatory and industry standards that are required for any financial, retailer, and/or business is Payment Card Industry Data Security Standard (PCI DSS) and Gramm-Leach-Bliley Act (GLBA). PCI DSS is a global industry standard while GLBA is a government regulatory standard. Target has to abide by PCI DSS and GLBA.
According to Kim & Solomon (2014), PCI DSS affects any organization that processes or stores credit card information. The PCI DSS is a comprehensive security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. GLBA requires that financial institutions provide their clients a privacy notice that explains what information the company gathers about the client, where the information is shared, and how the company protects that information. Companies must provide clients with this privacy notice prior to entering into an agreement to do business. (p. 272)
Security Information Technology Issues
Within the Target data breach of December 2013, there were several security information technology issues. A few of the issues were lack of security awareness and training, connection with outside businesses to main the system, and point of sale (POS).
With any business, it is imperative that anyone that works in the security sector (any form: security guard, security analyst, help desk, networking, information technology, etc.) have to have security awareness and training that all need to attend and adhere to. With Target, it became apparent that there was a lack of security awareness and training involved in relation to jumping on the data breach/threat. There was mention of some form of activity prior to December 15 on the Target systems. There are reports that state that security analyst within the corporation saw that there was something going on prior to December 15. However, the security analyst did not act upon the activity to research, prevent, or secure the systems. The breach's activity spread over the days until the notification came that there was a security breach with the Corporation. This could have been prevented if Target had some form of security awareness training.
According to Riley, Elgin, Lawrence, & Matlack (2014), Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun...

Other Papers Like Target: The Largest Data Breach/Attack

Business Fraud Essay

933 words - 4 pages Data Breach Exposes Millions to Phishing Scams Data Breach Exposes Millions to Phishing Scams The following paper is about a data breach involving the world’s largest permission-based email marketing provider. The name of the company is Epsilon, “an Irving, Texas based marketing firm that develops and manages databases and offers marketing analytics and delivery services such as email communications

Ipad Security Breach Essay

1876 words - 8 pages iPad’s Security Breach Determine if hacking into a Web site is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. Sony Ericsson is the largest mobile phone selling and making company and their website has been hacked. Due to hacking of their website, there were 10 core online user accounts affected. In order to prevent the hacking, all servers were

Computer Ethic - Target Breach

2954 words - 12 pages by the authorities, Target Corporation was not able to stop the attack for several days after doing their own investigation. Target Corporation finally admitted to the breach in a December 19th press release, only after it was reported by Krebs on Security. I believe Target Corporation failed their customers on several ethical layers on how they handled this situation. First and foremost they were warned by their security firm, FireEye, about

Target Financial Analysis

2351 words - 10 pages the other hand, operates as a store with less-bulky items that would not easily fit in to a small apartment. With customers demanding easy accessibility, Target’s reputation as a “superstore” allows customers to save time by purchasing diverse items, such as a sweater and a spatula, in one location. In December of 2013, Target confirmed a breach of customer credit card data, resulting in the second largest breach of a retailer in history. By the

A Risk Analysis for Information Security and Infrastrucure Protection

1322 words - 6 pages eliminate security breach must be common practice. Assessment and evaluation of risk analysis should also be submitted to external reviews to ensure that internally, IT supervisors are not violating their own system (Taylor et al 2011, 294). This method fosters check and balance concept. Threat The second important aspect of risk analysis is to identify the threats facing an organization. The single largest threat to an organization and its

The Importance of Measuring Enterprise Impact

561 words - 3 pages software causing them to perform ineffectively. Data breach protection and prevention requires a thoughtful, realistic, and proactive approach to security across your organization. Everything from your vulnerability to your risk tolerance must be assessed. The truth is that there is no such thing as 100-percent secure. As such, hard decisions need to be made around the different levels of protection needed for different parts of the business. Most

Data Breach Research Papaer

1475 words - 6 pages opened the public's eye to the cyber flaws. However, not all hackers involve the theft of financial information. In 2014 another breach occurred, with the internet giant eBay. Fortunately, this breach only involved the theft of names, addresses, and dates of birth as well as manipulation of user passwords. In 2016 the largest data breach happened at Mossack Fonseca a panama law firm. The data contained information on wealthy people who invested

It Failure Paper

921 words - 4 pages Rash, W. 2013. How Target's Credit Card Security Breach Could Have Been Avoided. EWeek. Retrieved from http://www.eweek.com/security/how-targets-credit-card-security-breach-could-have-been-avoided.html Rosenblum, P. 2014. The Target Data Breach Is Becoming A Nightmare. Forbes. Retrieved from http://www.forbes.com/sites/paularosenblum/2014/01/17/the-target-data-breach-is-becoming-a-nightmare/

Network Security

586 words - 3 pages be allowed to the company network unless approved by VP or higher. Why such drastic measures, as I mentioned earlier network downtime or a data breach can cause major losses that could be devastating to any company. We can take the example of the Target data breach incident of 2013 where millions of customer’s credit and debit card information was stolen by a data breach. A simple task such as keeping a contractors password secured or a

Identity Theft and Protection of Ppi

1299 words - 6 pages send you a link to www.amazon.com. It is always safer to type in the URL yourself if you receive an email like this. Another increasingly used method for stealing identities is by stating the data of potential victims from a company or institution. One of the most famous cases of an attack such as this came against Target during November of 2013. In this breach, credit card and debit card numbers were stolen as the information was processed in

Is4560 Lab 1 Assessment

1248 words - 5 pages information, and basically any other method to attempt to breach security by obtaining trust. The major forms of social engineering are Phishing, Baiting, and Diversion Theft. 5. Enumeration is the first attack on a target network. It is the process to gather information about a target machine by actively connecting to it. It means to identify the user account, system account, and administrative accounts. Enumeration is the same as scanning a

Related Essays

The Three Largest Minority Target Markets: Hispanic, African And Asian Americans

1053 words - 5 pages The Three Largest Minority Target Markets: Hispanic, African and Asian Americans I. Hispanic Americans Population A. Total amount in the U.S.: There is 53 million Hispanic Americans living throughout the U.S. B. Percentage of total U.S. population: The Hispanic population contributes to 17% of the overall U.S. population C. Rate of growth: The growth rate of Hispanic Americans is 2.2%. D. Average household size: The average household size

Target Credit Card Breach Essay

682 words - 3 pages Target, which is the 2nd largest discount retailer in the country behind Walmart. In December of 2013, right in the middle of the holiday season, Target announced that there was a data breach involving millions of credit and debit card records. The breach may have taken place between November 27 and December 15. It is unknown which Target locations in particular were affected by the data breach. It was assumed that all Target locations were

It Failure Essay

848 words - 4 pages their systems from a third party affiliate (Riley, Elgin, Lawrence, and Matlack, 2014). The breach occurred between the days of November 27th and December 15th (“Data Breach FAQ,” 2015). Meaning this massive breach went on for a total of 19 days, which leads to the question: How could Target allow this to go on for over two weeks without noticing? This was a very well thought out attack because it was one of the busiest seasons of the year

Security For Web Applications Essay

1022 words - 5 pages RECENT CYBER ATTACKS SANDEEP VEMULAPALLI 12917417 IA-606 ST.CLOUD STATE UNIVERSITY SEP4, 2015 Cyber Attack: The attempt of breaching the security layers of an organization or a system by disrupting the network and there by accessing, stealing, modifying or destroying the valuable data and using the data for fraudulent purposes, causing a loss to the organization is called a Cyber Attack Origin: The idea of cyber attacks began at the