Data breach is the act of viewing or acquiring ones secure data or confidential information without the authorization of the authorized user and releasing it to an untrusted environment. This is mostly done by hackers who get this type of information and sell it to willing buyers. The kind of information that suffers this kind of menace is financial and personal information on credit and debit cards. When applying to get a credit or debit card, one has to offer their personal data and their account details so that the companies involved can keep track of the transactions.
In the year 2013, Target a Discount retailer was hit by hackers who stole personal information from their customers and sold them to the black market. Counterfeit cards were made, and the stolen information was coded into the cards and sold on the dark web and the black market. This hit most of the customers since the only ones who were safe from the data breach were those who used cash instead of the credit and debit cards. The breach spread to all the Target’s locations. By November 27 to December 15, 40 million cards were stolen (Malloy).
The cards had a magnetic stripe which contained ‘track data’ that contained private information of the cardholder. This was easy to hack since it only needed one to swipe their card in the retailer’s shop and get all data in the card. This could be prevented since there was an invention of a chip and pin technology, which was invented a while back and it was implemented in other countries. The smart cards, as they are called, have small microchips that encrypt all the information of the cardholder and it is only shared by the sales stations used by the merchants. In the U.S.A., they are slow to embrace the smart card technology because the cost is too high for the manufacturing of new cards and also changing all the swiping machines to the required ones in all outlets and businesses in the country ("Updates on Target’s Security and Technology Enhancements").
Before the breach at Target, there was another breach in Home Depot. The malware used was made known to all other companies by a particular blogger by the name Krebs. The same malware was employed in the breach at Target, and it took them too long to curb the damage that had been done. If the programmers and the project manager of Target noted the incident in Home Depot, they would be able to avoid the adverse losses that they encountered. In-house testers would have tried out the same malware in their systems when it hit Home Depot and find an anti-virus for it. (Yadron)
The hackers may have obtained information from other sources such as employee negligence in the company. For example: by giving out their passwords to all and sundry this may have been used to infiltrate the company’s security systems. Losing of a USB drive that contained crucial security information on the company and also mishandling files may also have caused the breach. The company should have a decent data breach response team that is quick to address this type of mishaps when they happen. Creation of such a team would have aided the Target Company.
The company was responsible for the safety and privacy of their clients’ personal and confidential information. Therefore, an analysis conducted can place an average of fifty percent blame on it. The workers took a thirty percent blame while the victims took a twenty percent blame due to their ignorance. When the breach was made public, most of the customers were scared to use Target’s debit and credit facilities. This caused a reduction in their turnover during that year. After the breach, they reduced privileges in certain accounts, which brought equity to their customers. The breach was not the fault of the company since they did not know that hackers would target their firm. However, all this would have been avoided if the company had taken a keen interest in their security measures.
References
Malloy, Theresa. "One-Year After Target Breach, Customers’ Data Security Still A Hot Topic". BringMeTheNews.com. N.p., 2014. Web. 17 May 2016.
"Updates on Target’s Security and Technology Enhancements". Target Corporate. N.p., 2016. Web. 17 May 2016.
Yadron, Paul. "Target Now Says 70 Million People Hit In Data Breach". WSJ. N.p., 2016. Web. 17 May 2016.
