The 2013 Target Corporation data breach is one of the most significant data breach incidents in recent years. Although Target is a multi-million-dollar company, every business owner can benefit from learning about the corporation’s major security event. Below, we cover the major points of the data breach, including why the data breach occurred, how Target responded, and what we can learn from the outcome.
What happened to Target
The Target Corporation suffered a large-scale data breach between November 27 and December 18, 2013. During this window, hackers stole around 40 million credit and debit card numbers, along with 70 million personal records containing sensitive information.
Although the exact methodology behind the data breach is unclear, there are a few things we know for sure:
- A phishing attempt happened with third-party vendor Fazio Mechanical Services (FMS).
- During the successful phishing attempt, hackers installed a trojan horse on the FMS system.
- FMS had existing access to Target’s external billing network.
- Through FMS, the trojan horse infected Target’s business network section.
- Malware was easily installed onto point-of-sale devices at Target.
- The malware scanned encrypted card information from these point-of-sale devices.
- The hackers hijacked three internal servers and then set those up to receive this encrypted information.
- The servers sent the information to other machines already compromised by the hackers.
- It’s likely that stolen credit cards, and stolen information, were made available on the black market.
It didn’t take long for the damage at Target to spread. For business owners, the two most important questions are these – how did the breach occur, and how did it spread unchecked?
Inside the Target data breach
There are a few very simple reasons why the data breach occurred at Target in the first place. These reasons also explain why the damage spread so quickly through the systems and why it went unchecked for so long.
- The third-party vendor, FMS, didn’t have a robust security system in place, and their staff members were not trained in preventing and detecting phishing scams.
- Although the malware entered the chain through a third party, Target had not properly segmented their network, which could have prevented spreading damage to the business section or other network segments.
- Because of security system flaws, the hackers easily chose backdoor usernames and passwords to control the three servers.
- Target ignored security system warnings from their antivirus programs.
- Target didn’t protect their point-of-sale devices from unauthorized access.
Although Target had some security, such as firewalls and a VLAN network, they didn’t take all reasonable steps to secure their data.
The lessons we can learn from Target’s 2013 data breach
Every business owner can take lessons from this major data breach.
- Staff must be properly trained in detecting phishing scams and employing cybersecurity protection
- Warnings should be prioritized and acted upon quickly based upon a written cybersecurity contingency plan that everyone can access
- Networks should be properly segmented to isolate any issues, and incoming and outgoing traffic must always be identified, monitored, and validated for authorization
- Strong passwords must be implemented and regularly updated to protect point-of-sale devices and other sensitive hardware
We can’t always protect our businesses from cyberattacks but we can take a multifaceted approach to protecting data at every possible stage of network activity.
Your business needs a multilayered cybersecurity plan
A comprehensive, multilayered cybersecurity plan is the only way to protect your company’s data from increasingly sophisticated hackers. Every business is a possible target. Only by developing a multifaceted security plan can you mitigate the threats and minimize the risks associated with a data breach.
For expertise in developing a multilayered cybersecurity plan and more insight on how data breaches can affect your business, contact Entech today.