Target Corporation Data Breach
This breach is alleged to have cost over $200 million to credit card union in replacing the cards. The breach cost the company a net of $162 million net of insurance compensations (Kashmiri, Nicol & Hsu, 2017). This data breach was the second largest to ever happen in the American history and in the end had negative implication the company ranging from government enforcement, private litigation, declining stock price, and damaged customer trust and loyalty. Target Corporation is the second largest retailer in the US only behind Walmart. The company was founded in 1902 in Minneapolis by George Dayton and was originally named Dayton Company and underwent a number of changes throughout its life until it 200when it finally settled on the Target Corporation. In January of 2014, the company released another report stating that the breach had affected the names, phone, numbers, email addresses, and mailing address, of additional 70 million individuals had also been stolen as a result of the breach (Kashmiri, Nicol & Hsu, 2017).
This brought the possible number of people affected by the breach to about 110 million. Target in February 2014, revealed that breach into the system had occurred vial a third party system HVAC Company; heating, refrigeration, and air conditioning subcontractor. The hackers entered the system using the using stolen credentials from Fazio Mechanical Services a provider HVAC systems (Kerner, 2014). It is speculated that Target had given this vendor external access to the system so as to allow the vendor to monitor the temperatures within the stores remotely and troubleshoot where possible to ensure that all shoppers are comfortable while in the store. Other customers even went a step further to withdraw their personal and credit card information from the company’s website/database.
Targets’ data breach also had a negative impact on the customers’ loyalty (Scott, 2015). Customers are loyal to organizations that offer protection to their personal information since they feel comfortable and safe. The breach created a negative public image for the company. Many customers were, therefore, afraid to use their credit cards to purchase goods from Target. Subsequently, on 10th January 2014, the company announced that the extent of the breach had affected 70 million additional customers bring the number of those affected up to 110 million (Davis, 2015). The fall out that followed the breach resulted in the resignation of the Company’s Chief Information Officer together with an overhaul of the entire data security team. The company stated that it was going to recruit new Chief Information Officer and the Chief Compliance officer from outside of the organization.
Notably, the organizations CEO, Gregg Steinhafel, resigned after the breach citing that there was a need for a transformation in leadership (Davis, 2015). Target Corporation announced the data breach after four days. By confirming that the there was a breach, but the organization had already pointed out the weaknesses, Target Corp showed that it still can offer protection and safety by rapidly fixing the breach problem. In accordance with Target Corporation 2012 annual report, the company made it clear that it had a responsibility of protecting the personal information of its guest and team members. The company recognized that if it failed to successfully protect the personal information of its guests, then it could be subjected to government enforcement actions and other private litigations.
In addition, its reputation would be greatly harmed. The company stated in its report that the nature of its business enabled them to collect and store the personal information of its members and guests. Shareholders in Target Corporation did show any major reactions towards the data breach news. Evidence shows that shareholders neither have information regarding security incidents nor sufficient tools to evaluate the impact of data breaches. Therefore, shareholders tend to react to breach incidents that directly impact the business operations like litigation charges or leads to an immediate change in the organizations expected profitability (Kerner, 2014). Additionally, it is also evident that Target's hesitation to announce the security incident aimed facilitated shareholders uncertainty and hesitation with respect to how to factor in the impacts of the data breaches.
Note that Target announced in 2014 Annual Report that breach had cost the company $162 million. A major technique of preventing breaches is through monitoring the flow of information with Network Segmentation. Target’s failure to segment sensitive assets facilitated the hackers to undertake his attack from the interior. Despite the organizations, zero trust networks that ensure all traffic is identified, monitored and authorized, it was still possible for the attacker to breach the organization's system. Therefore, Target should make advancements on the trust strategy to ensure that it protects the organization from external and internal attacks. Additionally, the organization should ensure that the strategy is effective in vast scale networks. The delivery phase which involves the transmission of the weapon to the target through websites or emails (Daimi, 2018): The exploitation phase which involves triggering of the code and exploiting vulnerable systems or applications: Installation phase that entails installation of a backdoor on the targets system hence allowing persistent access.
The last phases include the command and control as well as the actions on objective phase. In conclusion, it is evident that data breaches can happen to any organization in the digital era. Therefore, organizations should ensure that they have advanced defense mechanism that protects systems from attacks. Also, organizations need to improve their responsiveness to security alerts since they could be an indication of a major breach. Education Week, 35(9), S6-S7. eisinger, D. Target's Massive Data Breach: 10 Things You Need to Know. Eweek, 8. Kashmiri, S. Bullseye breach: Anatomy of an electronic break-in. Edina, Minn. Beaver's Pond Press. Target store data breaches: Examination and insight. Place of publication not identified: Nova Science.
From $10 to earn access
Only on Studyloop