Target data breach case study

2. TREY
research
• Established in 1881
• US retail corporation
• 8th largest retailer in USA
• 1800+ stores across US
• Sells household essential, food and beverages,
apparel and accessories..etc.
2

3. TREY
research
Data Breach
• One of the biggest data breach in US History
• Hackers stole 40 million customers debit and credit card details
and 70 million records of personal information in between
November 27 December 2013
3

4. TREY
research
What is Data Breach?
A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted
environment.
• What is data breach?
• What attackers would do with stolen data?
• Types of data breach?
Inside leak
Payment card data
Loss or theft of device
Breach by mistake
Unknown breaches
4

5. TREY
research
Timeline
5

6. TREY
research
How is it happened?
• Phishing attack against Fazio Mechanical Service
• Accessing the Target network
• Gaining access to vulnerable machines
• Installing malware on POS terminals
• Collecting card information from POS
• Moving data out of the Target network
• Aggregating stolen card and person data
6

7. TREY
research
Attack Steps of the Target Breach
Add a footer 7

8. TREY
research
Why? The Reasons
Add a footer 8
• Giving access to an HVAC vendor FAZIO mechanical services to the systems.
• Target company failed to enforce the ‘security review of it’s vendors network system.
• Lack of network segmentation which have provided easy access into their network from POS to back
end systems.
• Multiple Password files were stored inside the network including the login credentials of various
systems.
• Use of many misconfigured services such as Microsoft SQL and the likes of Apache tom cat servers
using default passwords.
• Critical failure of using outdated systems and using outdated versions of software such as Apache,
IBM WebSphere etc.

9. TREY
research
WHO CAUSED THE ATTACK?
 Large scale data theft like the attacks against the target is usually
the work of an organized team of cybercriminals
 The group of cybercriminals behind this great hack belonged to
RUSSIA, UKRAINE along with ROMANIA
 Data were stored in three temporary location which then was
transferred to the main server (Moscow)
 Same set of people were linked to similar attack against “HOME
DEPOT” in the summer of 2014

10. TREY
research
CONTD - From the main server
 Data stolen from target was put on sale on black markets
(rescator.so) also known as dark web
 Traded in BITCOINS or any cryptocurrency
 Cards are sold either in batches or as a single card and the
price of each card varies. For example- target cards were sold
from price range of 20 dollars to 150 dollars
 The information can be copied onto credit card blanks to turn a
fake card into a real one.
What Do Buyers Do with Stolen Information?

11. TREY
research
Effects of Data Breach In Target
Add a footer 11
• REPUTATION DAMAGE
• Lose customer trust and business
• FINANCIAL LOSS
• $116 millions on settlement
• Holiday sale fall
• Huge net loss
• OPERATIONAL DISRUPTION
• CEO Resigns
• Layoffs and hiring freeze

12. TREY
research
How to prevent Data Breach
12
• Vulnerability and compliance management
• Safeguard physical data
• Train employees in security principles
• Protect information, computers and networks
from cyber attacks
• Make backup copies of important business
data information
• Protect portable devices
• Use data encryption and strong password
protections

13. TREY
research
Lessons Can Be Drawn From This Case
13
• EMV Technology Alone Is Not Enough to Stop Fraud
• Network Segmentation Is a Necessity
• Third-Party Oversight Is Part of Compliance
• Log Monitoring Needs Analytics
• Cyber threat Intelligence Sharing Must Improve
• Implemented POS management tools
• Expanded the use of two-factor authentication and password vaults
• Limited or disabled vendor access to their network
• Improved firewall rules and policies
• Implemented POS management tools
If these changes have been implemented as Target describes, they would help address the weaknesses
exploited during the attack

14. TREY
research
The Final Lesson of The Target Data Breach
14
• It’s important for merchants to understand that the range of security threats can be wider than
standard PCI compliance. Monitoring networks and being attentive to disruptive or unusual patterns
in a system’s network is crucial to protecting their systems – and in turn, customer data. Target is
just one of many companies to have faced a major data breach. Make sure your company or business
is protecting your customers the best they can.

15. TREY
research
Conclusion
15
There is no silver bullet in cyber space against data breaches. With the increasing amount of data leak
incidents in recent years, it is important to analyze the weak points in our systems, techniques and
legislations and to seek solutions to the issue.

16. TREY
research
Q&A
16
 What is the major cause of data breach incident in target?
 As a manager, what would be your first step if your company
gets any cyber attacks like data breaches? And also explain
about further steps you are going to make?
 tell about the best 3 ways to prevent a data breach in any
organization?
 What are the consequences of a data breach?
 As a business student, What did you learn from this case
study?

17. TREY
research
17
Thank You