Target and a Historical Data Breach
What happened?
In November 2013, Target suffered one of the largest data breaches in history. Hackers gained access to 40 million credit and debit records and 70 million customer records. Like Puma, this breach was through a third-party vendor that had access to Target’s systems. A refrigeration contractor, Fazio Mechanical, was compromised with a phishing email that contained a banking trojan. Thanks to this malware, credentials were stolen from the vendor and used to back their way into accessing Target’s incredibly valuable data.
Target brought in experts to evaluate how this happened, and they were able to “communicate directly with cash registers in checkout lanes after compromising a deli meat scale located in a different store,” according to the Krebs On Security report.
How does this impact you?
After the breach, Target notified the millions of customers that had been shopping over the holiday weekend. They also spent time and money investigating how this happened. If you were one of those shoppers, you probably got issued a new credit or debit card and moved on with your life. Many folks decided they no longer trusted Target enough to shop there.
What to do next?
The real thing to remember here is that Target was compromised because of a phishing scam, improperly secured credentials, and the continued use of default and weak passwords used by the vendor. This could’ve happened to anyone. It’s critical to use unique passwords both at work and at home. If you see or know of a gap in your company’s data security, contact your administrator. Being smarter about how fraud happens can keep you and your business safe.
Sources:
https://redriver.com/security/target-data-breach
https://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/
