Target Data Breach Explained: A Case Study

The Target data breach was one of the largest in history.

The total cost of the breach was estimated to be around $292 million.

But beyond the astronomical financial impact, there are many lessons we can learn from this breach that are still relevant today.

In this post, we’ll cover everything you need to know about the Target breach including the important lessons learned.

Table of contents:

How did the Target Data Breach Happen

The Target data breach occurred in 2013 and was one of the most significant data breaches at the time. The attackers gained initial access to Target’s network using credentials stolen from a third-party HVAC vendor named Fazio Mechanical. This vendor had access to Target’s network for maintenance purposes.

Once inside the network, the attackers moved laterally to reach the point-of-sale (POS) systems. They installed malware on the POS systems designed to capture names, phone numbers, email addresses, payment card information, verification codes, and other sensitive data.

The stolen data was then collected and stored on a server within Target’s network. Periodically, the data was moved from this server to external servers controlled by the attackers, from where it could be sold or used for fraudulent purposes. Altogether, over 40 million payment cards and the personal information of up to 70 million customers were exposed.

Target detected the breach in December 2013 after being alerted by an external cybersecurity company. Target then launched an investigation, which revealed that the data breach had occurred from late November to mid-December 2013.

Who attacked Target

While the identities of the individuals involved were never officially confirmed, evidence pointed to hackers connected to the Gamin' Nation group based in Russia and surrounding countries. Two Russians, Andrei Kovachukov and Dzhavlonkulov Erkinjon, were eventually arrested and indicted in 2014 and 2015, respectively, for their roles in the breach. However, the overall masterminds behind the attack were never publicly identified. In 2018, a Latvian programmer named Ruslan Bondars was also sentenced to 14 years in prison for his part in improving the malware that was used in the Target breach.

Target’s response to the data breach

In the aftermath of the data breach, Target took several steps to address the incident, remediate its effects, and prevent future occurrences.

1. Public Acknowledgment: Target publicly acknowledged the breach shortly after its discovery and provided regular updates to the public on the investigation and their response efforts.
2. Investigation: The company launched a comprehensive investigation with the help of external cybersecurity experts and law enforcement agencies to understand the scope and method of the attack.
3. Customer Notification and Support: Target notified affected customers and offered free credit monitoring and identity theft protection services to those impacted by the breach.
4. Security Enhancements: Target implemented significant security upgrades, including the adoption of chip-and-PIN technology for their REDcard credit cards and debit cards, and the installation of new payment terminals at all stores to support this more secure technology.
5. Cybersecurity Investments: The company increased its investments in cybersecurity, including the hiring of a new Chief Information Security Officer (CISO), the establishment of a Cyber Fusion Center for real-time threat monitoring, and the enhancement of security measures across its network.
6. Employee Training: Target enhanced its employee training programs to focus more on cybersecurity awareness and best practices.
7. Regulatory Compliance and Cooperation: The company cooperated with regulatory investigations and worked to comply with state and federal regulations related to data breach notifications and consumer protection.
8. Legal and Financial Repercussions: Target faced legal actions and financial costs associated with the breach, including settlements with affected customers, banks, and regulatory authorities, as well as expenses related to improving its cybersecurity infrastructure.

Target data breach costs

• Settlement for damages: Target paid out an $18.5 million settlement for damages to customers as a result of a multi-state investigation.
• Direct breach-related expenses: The company incurred an estimated $61 million on expenses directly related to the breach, such as investigation, remediation, and legal fees.
• Financial impact on sales and stock value: In Q4 2013, Target’s sales dropped 5.3% compared to the previous year, and the company’s stock value experienced a significant decline.
• Executive resignations: Following the breach, Target’s CIO and CEO resigned, reflecting the organization’s responsibility and accountability for the incident.
• Total estimated cost: The overall cost of the data breach is estimated to have been over $202 million, factoring in settlements, fines, loss of revenue, and reputational damages.
• Reputational damage: Target’s brand image was significantly tarnished, with customers losing trust in the company’s ability to protect their personal information. This reputational damage impacted customer loyalty and took years of effort to rebuild.
• Investments in cybersecurity: In response to the breach, Target allocated substantial resources to improving its cybersecurity infrastructure, including implementing advanced threat detection and response tools and establishing a dedicated cybersecurity team.
• Long-term impact on customer trust: The data breach had lasting effects on customer trust, which translated into a prolonged period of lower sales and revenue for the company. It serves as a reminder of the long-term consequences of a massive data breach on a company’s reputation and financial

Lessons learned

The Target data breach in 2013 provided several important lessons for businesses and organizations in terms of cybersecurity and data protection:

1. Third-Party Vendor Risks: The breach highlighted the risks associated with third-party vendors. Organizations need to ensure that their vendors follow stringent security practices and should regularly assess and monitor their security measures.
2. Importance of Network Segmentation: The breach demonstrated the need for network segmentation to limit the access of attackers once they breach the perimeter. By segmenting networks, organizations can contain breaches and minimize the impact.
3. Need for Advanced Malware Detection: Traditional antivirus software may not be sufficient to detect sophisticated malware. Organizations should invest in advanced malware detection and prevention technologies.
4. Incident Response Planning: The lack of a comprehensive incident response plan contributed to confusion and delays during Target’s initial response to the breach. Create and test your incident response before an incident occurs.
5. Employee Training and Awareness: The breach emphasized the need for ongoing employee training on cybersecurity awareness and best practices to prevent phishing and other social engineering attacks.
6. Payment Card Security: For retailers, the breach underscored the importance of adopting more secure payment technologies, such as chip-and-PIN (EMV) cards, to protect customer payment information.
7. Reputation and Trust Management: The breach showed that how an organization responds to a breach can significantly impact its reputation and customer trust. Transparent communication and taking responsibility are key to rebuilding trust
8. Continuous Monitoring and Threat Detection: Continuous monitoring of networks and systems is necessary to detect unusual activities and potential threats in real-time, allowing for quicker response to prevent or minimize the impact of a breach.
9. Cyber Insurance: The financial impact of the breach underscored the importance of having cyber insurance to help cover the costs associated with responding to and recovering from a cyber incident.
10. Data Breach Monitoring: Organizations should implement data breach monitoring to detect if their data has been leaked or sold on the dark web. Early detection enables their team to reset credentials before criminals exploit them.

Does your security team need visibility into your organization’s leaked data, book a demo to see how Breachsense can help.