Data Breach

A case study on data breach: Data breach in Target

Sudhabindu Deb

Wilmington University

SEC 6030

Brian Arcidiacono

January 26, 2016

Target's data breach was a big cyber attack in the retail industry. This cyber attack was a big loss to Target, its customers and the associated financial institutions. As Target has reported that as of its quarter that ended November 1, 2014, it had cumulatively incurred $248 million in data breach related expenses1. There may be several reasons such as economic, technological and strategic behind such data breaches. The cyber criminals who are responsible for cyber security breaches become economically benefitted by selling the sensitive financial data especially the credit and debit card information of the customers in the black market. There are minimum chances that these criminal will be arrested as it is hard to identify the attackers and lowest international cooperation to become successful.

The attacker did not attack any system located within Target’s locations to get entered to the entire system. They attacked Fazio Mechanicals, a HAVC service provider to Target who were authorized by Target to submit document and information related to their contract with Target. So, basically Fazio was feeding data into Target’s system and remained unprotected from cyber attack.

Once they get entered into the Target’s system, and Target did not respond to the alarm on time, the attackers successfully did their job. The credit and debit cards are vulnerable to fraudulent use by unauthorized person if the information is stolen. A malware called “memory scraper” can capture information from the customer’s card that is swiped in the POS before the card become encrypted. Unfortunately, most of the cards used in the USA are not encrypted as they are magnetic striped card. Another thing is that all the transaction are done using internet and are real-time. So, stealing information using malware through the POSs is not that hard....