In 2013, Target suffered a massive cyber attack that became one of the most notorious in retail history. This breach exposed the payment card details of 41 million customers and contact information for an additional 29 million. The attackers gained access through a third-party vendor, leveraging a spear-phishing attack to steal credentials. Once inside Target’s network, they deployed malware that captured customer data over two months. The fallout from this breach was significant, leading to the departure of Target’s CEO and costing the company approximately $290 million in remediation, consulting fees, legal settlements, and other related expenses. The incident highlighted the vulnerabilities in the supply chain and the critical need for robust cybersecurity measures.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar245050524",
"linkid": "target",
"type": "Breach",
"date": "09/2014",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'location': 'United States',
'name': 'Target',
'size': 'Large',
'type': 'Retailer'}],
'attack_vector': 'Spear-phishing, Malware',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '70 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card details',
'Contact information']},
'date_detected': '2013-11-27',
'date_publicly_disclosed': '2013-12-19',
'description': 'In 2013, Target suffered a massive cyber attack that became '
'one of the most notorious in retail history. This breach '
'exposed the payment card details of 41 million customers and '
'contact information for an additional 29 million. The '
'attackers gained access through a third-party vendor, '
'leveraging a spear-phishing attack to steal credentials. Once '
'inside Target’s network, they deployed malware that captured '
'customer data over two months. The fallout from this breach '
'was significant, leading to the departure of Target’s CEO and '
'costing the company approximately $290 million in '
'remediation, consulting fees, legal settlements, and other '
'related expenses. The incident highlighted the '
'vulnerabilities in the supply chain and the critical need for '
'robust cybersecurity measures.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Payment card details', 'Contact information'],
'financial_loss': '$290 million',
'legal_liabilities': 'Legal settlements',
'operational_impact': 'Departure of Target’s CEO',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'Vulnerabilities in the supply chain and the critical need '
'for robust cybersecurity measures',
'post_incident_analysis': {'root_causes': 'Spear-phishing attack, Third-party '
'vendor access'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor access'}