Target Co. is one of the largest retailers in the USA, which offers its products not only through the brick-and-mortar stores but an online marketplace as well. The online store offers almost every type of grocery products. Unlike other retailers, Target offers its own brands, which definitely put it in a competitive position against its own business clients. The company offers the in-store paid facilities such as Portrait Studio, Photos, Café, and Game Area etc. It directly competes with Walmart, Costco, Amazon, and Best Buy etc. Established in 1902, Target has become a giant retailer with thousands of stores and a fully active online channel. No doubt, the holiday season tends to be very busy for the retailers as the customers take advantage of sales and discounts and rush to the stores for grabbing not only regular grocery but luxury items as well. The days are getting fade when the customers take cash with them. We have completely entered in the age of payment cards. In the holiday season of 2013, Target was welcoming the customers in its physical and online stores and enjoying sales of millions of dollars every day. Definitely, a vast majority of the customers paid either through their debit or credit cards.
The hackers accessed the system through authorized credentials. They took the authentic information from the contractor’s system of the company. By entering the system, they decrypted the credit and debit card information of the customers by installing malware in the customer database of the company (Vijyan, 2014). It was a breach of confidentiality. The Cyber Criminals gained control on the Target’s sales network and stole the data of no less than 40 millions of credit cards, debit cards, and store’s own cards which were processed through Target’s POS. The attack was aimed to steal the financial data from the credit cards. The financial and personal information of millions of customers was exposed to the hackers. They took numbers of credit cards and debit cards and bank account numbers. As per the investigations, the hackers could use the stolen data for launching a phishing scheme.
The investigation report revealed that Target’s management already had an idea of such a breach because its system notified a dramatic increase in the fraudulent transactions (Riley, Elgin, Lawrence, & Matlack, 2014). It could prevent the threat by taking preventive actions. However, it considered sales and promotions more important than securing its payment processing system. Target couldn’t hide the cyber attack in any way. The angry customers hit the social media after learning about the incident. Target offered free credit monitoring service to those whose information was compromised by the attack. After the subject attack, which didn’t only ruin the Target’s sales of the peak season but shattered the confidence of customers on this multi-billion retailer, the company took certain steps to improve and enhance the security of its network. It implemented a comprehensive program to secure the system. An officer was hired to implement the program, who was accompanied by an expert to assess whether the security requirements were being met or not. Target separated the financial and credit card related data of the customers from the overall digital network. Moreover, the company implemented a password rotation policy to avoid the theft of credentials (McCoy, 2017).
Nothing could be more worsening for Target than the incident happened right in the middle of the peak shopping season. The attack negatively impacted the stores’ traffic volume and sales. Even the company itself projected lower sales for the following fiscal quarter. The attack has reduced the market share of Target. On 19 December 2013, company’s shares fell down by more than 2% on NYSE (Finkle & Skarianchan, 2013). The company had to pay more than $18mn to the victimized customers (McCoy, 2017).
Target has already taken important steps to improve the security of its network. Although the cyber-attack hit the brick-and-mortar stores of Target, however, instead of improving the database network of its physical stores only, it should take serious steps to further secure the payment repository of its online store. It should enter into a contractual relationship with a digital security protection providing company to maintain the security of its network.
Finkle, J., & Skarianchan, D. (2013, December 19). Target cyber breach hits 40 million payment cards at holiday peak. Retrieved January 23, 2019, from Reuters: https://www.reuters.com/article/us-target-breach/target-cyber-breach-hits-40-million-payment-cards-at-holiday-peak-idUSBRE9BH1GX20131219
McCoy, K. (2017, May 23). Target to pay $18.5M for 2013 data breach that affected 41 million consumers. Retrieved January 23, 2019, from USAToday: https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/
Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014, March 17). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Retrieved January 23, 2019, from Bloomberg: https://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data
Vijyan, J. (2014, February 6). Target breach happened because of a basic network segmentation error. Retrieved January 23, 2019, from Computer World: https://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html