In one of the most calamitous cyber-crime attacks faced by organizations that store personally identifiable information and card-holder data, Target Corporation, one of America’s leading and most reputed retail chains, has succumbed to a data breach that allowed hackers to compromise data for an estimated 40 million end-customer credit and debit cards.
When: Between November 27th and December 15th, 2013
Where: The attack impacted almost all of the 1800 retail stores that Target runs in the USA.
What was stolen: Data for around 40 million customer credit and debit cards stored by Target’s data warehouse. The stolen data included names, card numbers, expiration dates and three-digit security codes, which could allow criminals to make fraudulent purchases almost anywhere in the world.
The Impact: Brian Krebs, in his blog Krebs on Security, explains that the type of data stolen (known as “track data”) allows the cyber-thieves to create counterfeit cards by encoding the information onto any card with a magnetic stripe.
It is also theoretically possible that the hackers could intercept PIN data for debit transactions and create phony debit cards and use them to withdraw cash from ATMs.
It is estimated that Target could end up spending almost USD 100 million to cover legal costs and to fix whatever went wrong. The company would probably have to reimburse banks and their customers for the unauthorized and illegal transactions made by the hackers using the secure card data. In short, victims like Target will have to face:
- Financial penalties and settlements to banks and customers for their monetary losses
- Customer and industry reputation at stake for not being able to safeguard secure customer data
- Impact of the heist reflecting on the company’s stock prices
- Possible lawsuits from the affected parties
- Loss of time and productivity in dealing with all these issues
- An attack on one IT system could also cascade into attacks on other dependent applications and servers
How it happened: Target has not disclosed the mechanism of the attack or any clear motive behind it. Security experts are performing forensic analyses to determine the modus operandi of the breach incident. According to the Wall Street Journal, this theft “may have involved tampering with the machines customers use to swipe their cards when making purchases.”
Target’s Notice to Affected Consumers:
- Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores
- A Message from CEO Gregg Steinhafel about Target’s Payment Card Issues
It’s not just Target that’s being targeted. Any organization whose data protection measures are not sophisticated and advanced enough to defend against hack attacks could end up being compromised.
What Should We Learn from This Incident?
Security is not a prerogative of a few chosen systems. The entire IT infrastructure is an arena in which hackers and cyber-crime perpetrators can inflict damage and find inroads for intrusion. We need to institute comprehensive defense mechanisms and security measures to stay vigilant and monitor all aspects of the IT infrastructure, including servers, employee workstations, network devices, security appliances, cloud infrastructure, and so on. Logs are a good place to start monitoring your IT systems. Every device and system will have logs that record the activities and events happening in real time. If we have immediate access to these logs and are able to interpret any suspicious behavior patterns or policy violations, it’ll be easier to identify possibilities of imminent attacks. Log management is a necessary call to action and a good entry point for implementing an enterprise information security strategy.
More info on Target breach (Mar 2014): Target Hackers Broke in Via HVAC Company — Krebs on Security