Anyone in the cyber security should be well aware of the major Target data breach of 2013 when millions of customer credit and debit card records were stolen. Writers at Krebson Security reveal that this breach happened through access granted to an HVAC company that Target had contracted with, Fazio Mechanical Services. Though the breach happened through these accounts, it was still entirely the fault of Target’s IT security team that the breach occurred.
Between Nov. 15 and Nov. 28, 2013, the breach occurred thus allowing attackers to install malware on Target’s point-of-sale devices and pilfer data from approximately 40 million debit and credit card accounts.
The stolen credit and debit card data was transferred to various “drop” locations, including compromised servers in the United States and Brazil. This later made the hackers far more difficult to trace. The investigation is ongoing, with potential liability for Target regarding PCI compliance standards. Estimates by analyst put Target’s potential losses from the breach at roughly up to $420 million, including costs for card reissuance, fines, legal fees, and system upgrades for chip-and-PIN technology. It is unknown if Target’s insurance coverage may have offset some of these expenses.
Leave a Reply