In 2013, Target experienced a devastating cyber attack that compromised 41 million payment cards and the contact information of approximately 70 million customers. This breach occurred when threat actors launched a spear phishing attack on a third-party vendor, successfully stealing user credentials. With these credentials, the attackers were able to access Target's network and implant malware to capture customer data over two months. The repercussions of this breach were far-reaching, ultimately costing the company approximately $290 million in remediation, consulting fees, and fines, including an $18.5 million settlement to resolve claims nationwide. The CEO of Target left in the aftermath, highlighting the immense impact such an attack can have on corporate leadership and the company's reputation. This incident underscores the pressing need for robust cybersecurity measures, particularly for retailers holding vast amounts of sensitive customer information.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar204050724",
"linkid": "target",
"type": "Ransomware",
"date": "02/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'name': 'Target',
'type': 'Retailer'}],
'attack_vector': 'Spear Phishing',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': ['41 million payment cards',
'70 million customer contact '
'information'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Customer contact information']},
'description': 'In 2013, Target experienced a devastating cyber attack that '
'compromised 41 million payment cards and the contact '
'information of approximately 70 million customers. This '
'breach occurred when threat actors launched a spear phishing '
'attack on a third-party vendor, successfully stealing user '
'credentials. With these credentials, the attackers were able '
"to access Target's network and implant malware to capture "
'customer data over two months. The repercussions of this '
'breach were far-reaching, ultimately costing the company '
'approximately $290 million in remediation, consulting fees, '
'and fines, including an $18.5 million settlement to resolve '
'claims nationwide. The CEO of Target left in the aftermath, '
'highlighting the immense impact such an attack can have on '
"corporate leadership and the company's reputation. This "
'incident underscores the pressing need for robust '
'cybersecurity measures, particularly for retailers holding '
'vast amounts of sensitive customer information.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['41 million payment cards',
'70 million customer contact information'],
'financial_loss': '$290 million',
'legal_liabilities': '$18.5 million settlement'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'The need for robust cybersecurity measures, particularly '
'for retailers holding vast amounts of sensitive customer '
'information.',
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Spear phishing attack on a '
'third-party vendor leading to '
'stolen user credentials'},
'regulatory_compliance': {'fines_imposed': '$18.5 million settlement'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Stolen user credentials'}