In 2013, Target fell victim to a cyber attack that compromised the payment cards and contact information of millions. Specifically, the breach exposed 41 million payment cards and the personal information of about 70 million customers. The initial point of attack was a third-party vendor, targeted through a spear phishing attempt to steal credentials. Upon gaining access to Target's network, the attackers deployed malware to capture customer data over two months. This incident led to significant financial and reputational damage for Target. The company faced extensive litigation and regulatory scrutiny across the country, culminating in fines and various costs. The CEO of Target subsequently left the company. To resolve claims nationwide, Target paid $18.5 million in fines, contributing to the total cost of approximately $290 million for the breach, including remediation, consulting fees, and other expenses.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar001050624",
"linkid": "target",
"type": "Vulnerability",
"date": "03/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'name': 'Target Corporation',
'type': 'Retailer'}],
'attack_vector': 'Spear Phishing',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': ['41 million payment cards',
"70 million customers' personal "
'information'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Personal information']},
'description': 'In 2013, Target fell victim to a cyber attack that '
'compromised the payment cards and contact information of '
'millions. Specifically, the breach exposed 41 million payment '
'cards and the personal information of about 70 million '
'customers. The initial point of attack was a third-party '
'vendor, targeted through a spear phishing attempt to steal '
"credentials. Upon gaining access to Target's network, the "
'attackers deployed malware to capture customer data over two '
'months. This incident led to significant financial and '
'reputational damage for Target. The company faced extensive '
'litigation and regulatory scrutiny across the country, '
'culminating in fines and various costs. The CEO of Target '
'subsequently left the company. To resolve claims nationwide, '
'Target paid $18.5 million in fines, contributing to the total '
'cost of approximately $290 million for the breach, including '
'remediation, consulting fees, and other expenses.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['41 million payment cards',
"70 million customers' personal information"],
'financial_loss': '$290 million',
'legal_liabilities': 'Extensive litigation and regulatory scrutiny',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Spear phishing leading to '
'credentials theft'},
'regulatory_compliance': {'fines_imposed': '$18.5 million',
'legal_actions': 'Extensive litigation'},
'title': 'Target Data Breach',
'type': 'Data Breach, Malware',
'vulnerability_exploited': 'Credentials Theft'}