The Target breach case study- Management Information System class

Read the Target case study. Define terms such as threats, safeguards and targets. What type of threat(s) did Target face? Which specific techniques did the hackers use?

Hitting the Target

Lost 40 million credit and debit card numbers

Later, announced additional 70 million customer accounts stolen that included names, emails, addresses, phone numbers, etc.

98 million customers affected

31% of 318 million people in U.S.

Stolen from point-of-sale (POS) systems at Target stores during holiday shopping season

Target Data Breach

1.Bought malware

2.Spearphished users at Fazio to get login credentials on Target vendor server

3.Escalated privileges, accessed Targets internal network, and planted malware

4.Trojan. POSRAM extracted data from POS terminals

5.Sent data to drop servers

Damage

Loss of customer confidence and drop in revenues (46% loss for quarter)

Direct loss to Target as high as $450 million

CIO resigned, CEO paid $16 million to leave

Cost credit unions and banks more than $200 million to issue new cards

Insurers demand higher premiums, stricter controls, and more system auditing

Consumers must watch their credit card statements, and fill out paperwork if fraudulent charges appear