What Caused The Target Data Breach?


In December of 2013, Target identified a major security breach. Hackers had obtained access to credit and debit card data for up to 70 million consumers. This number was originally reported at 40 million, but Target’s own website says the number might be as high as 70 million. The enormity of this breach eventually led to the firing of Target’s CEO, Gregg Steinhafel, in 2014. Even a 35-year employee at the top of the chain couldn’t endure the resulting fallout. The company has struggled to regain its reputation since.

Company | Year | Accounts Compromised
Adobe | 2013 | 150 million passwords / 38 million credit cards
Heartland Payment Systems | 2008 | 130 million credit cards
T.J. Maxx / Marshalls | 2007 | 94 million credit cards
Sears | 1984 | 90 million credit reports
Sony | 2011 | 77 million accounts (personal details and credit card information)

What Happened At Target

Target’s breach started around Black Friday 2013. Information contained in debit and credit card magnetic strips was compromised between November 27th and December 15th. Almost all Target stores were impacted. A refrigeration company named Fazio Mechanical Services had its access credentials to the Target network stolen. Fazio had access to the network to monitor the refrigeration health of various stores. Once on the network, hackers were able to upload malware to the point-of-sale system without being detected.

 

What Could Have Helped at Target?

Most importantly, areas of the network that contained sensitive information should have been securely walled off from sections with more innocuous information, like details on temperature and energy consumption. Better warning systems should have been in place to detect unusual traffic. The real-life problem with warnings is that they tend to fire so often that engineers get into the bad habit of ignoring them. If this was the case at Target, a more intelligent warning system should have
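The two points above, as an added example that is not part of the original post: a zone policy that keeps a vendor monitoring segment away from point-of-sale systems, with violations grouped into one alert per zone pair and port so that repeated flows do not flood engineers. The zone names, address ranges, ports and flow records are constructed assumptions, not details of Target's network.

```python
import ipaddress
from collections import Counter

# Constructed zone map (assumption): names and ranges are illustrative only.
ZONES = {
    "vendor_monitoring": ipaddress.ip_network("10.20.0.0/24"),  # refrigeration/energy telemetry
    "pos": ipaddress.ip_network("10.50.0.0/16"),                # point-of-sale terminals
    "payment_backend": ipaddress.ip_network("10.60.0.0/24"),    # card processing services
}

# Only these zone-to-zone paths are permitted; any other cross-zone flow is a violation.
ALLOWED = {("pos", "payment_backend")}

# Constructed flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10.20.0.15 10.20.0.1 443
10.50.3.7 10.60.0.10 8443
10.20.0.15 10.50.3.7 9000
10.20.0.15 10.50.3.8 9000
10.20.0.15 10.50.9.2 9000
10.50.3.7 10.50.3.1 53
"""

def zone_of(ip):
    """Map an IP address to its zone name, or "unknown" if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def segmentation_alerts(flow_text):
    """Return one alert per (src zone, dst zone, port), with a flow count."""
    hits = Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        src, dst, port = zone_of(parts[0]), zone_of(parts[1]), int(parts[2])
        # Traffic inside a zone is fine; cross-zone traffic must be allowlisted.
        if src != dst and (src, dst) not in ALLOWED:
            hits[(src, dst, port)] += 1
    return [{"src_zone": s, "dst_zone": d, "port": p, "flows": n}
            for (s, d, p), n in sorted(hits.items())]

if __name__ == "__main__":
    for alert in segmentation_alerts(SAMPLE_FLOWS):
        print(alert)
```

The three vendor-to-POS flows in the sample collapse into a single alert with a count of 3, while the allowlisted POS-to-backend flow and the in-zone flows raise nothing.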

 

What Could You Do to Help Protect Yourself?

In the wake of the Target incident, credit card companies are finally starting to add security chips to American credit cards. These chips have been used in other countries for years. Chips eliminate the need to swipe the magnetic strip on a credit card, thus eliminating the likelihood of easily skimming and copying the data on the magnetic strip. Transactions will take a second or two longer because the credit card has to be slotted into the machine. Proponents argue the added security benefits far outweigh the time lost.

Many stores, like Home Depot, now allow customers to pay using PayPal, Google Wallet or Apple Pay. Since your credit card data isn’t visible in this process, you are relatively secure in such exchanges.

When I make a purchase from an online store I don’t trust, I use a credit card, like Citi, that allows me to generate a temporary card number. I only leave the temporary card number active long enough for the transaction to conclude. This gives hackers a relatively brief window to do anything harmful, and your master card number is secure during this process. You can read more about Citi Virtual Account numbers here. Unfortunately, this process is of little help when making a purchase at a local brick and mortar store.

 

What Is the Good News?

The good news is that most consumers have zero liability during these major security breaches. Sure, it is a pain to have to change your credit card number at places that use auto-pay, but it is better than having to fight the credit card company regarding the charges. Some companies, like Chase, will overnight new credit cards at no cost. I’ve found Citi to be the slowest out of the major banks I use at replacing cards. They tend to take around two weeks. Since I have multiple credit cards, this isn’t a major issue for me.

The other good news is that the system is improving. Chip-based point-of-sale systems will be at most major retailers sooner rather than later. Alternative payment routes, like PayPal, are also becoming more prevalent as options at brick-and-mortar stores.

Target also offered a year of free credit monitoring to affected customers. I signed up for this service. Fortunately, I didn’t need it as nothing was detected during the free monitoring period.

 

Conclusion

The Target data breach impacted tens of millions of people. I personally had to replace two credit cards. The good news is that the high-profile nature of the breach is leading to positive changes, such as more secure credit card chip technology and alternative payment methods. Network security is also being slowly but surely increased at larger corporations. Seeing a CEO lose his job is a good incentive for executives to demand higher prioritization of consumer security.
