In 2013, Target faced a massive cyber attack that exposed 41 million payment cards and compromised contact information for approximately 70 million customers. This incident occurred when threat actors launched a spear phishing attack on a third-party vendor to steal user credentials. Having gained access to Target's network, the attackers then installed malware to capture customer payment information over a two-month period. The ramifications of this breach were severe; Target's CEO departed the organization, and the company had to settle fines totaling $18.5 million to resolve claims across the country. The total cost to Target, including expenses for remediation, consulting fees, and other payments, approached approximately $290 million. This cyber attack highlights the critical need for robust cybersecurity measures and the importance of vigilantly managing third-party risks.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar246050524",
"linkid": "target",
"type": "Breach",
"date": "05/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'location': 'United States',
'name': 'Target',
'size': 'Large',
'type': 'Retailer'}],
'attack_vector': 'Spear Phishing',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '111 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Contact information']},
'description': 'In 2013, Target faced a massive cyber attack that exposed 41 '
'million payment cards and compromised contact information for '
'approximately 70 million customers. This incident occurred '
'when threat actors launched a spear phishing attack on a '
'third-party vendor to steal user credentials. Having gained '
"access to Target's network, the attackers then installed "
'malware to capture customer payment information over a '
'two-month period. The ramifications of this breach were '
"severe; Target's CEO departed the organization, and the "
'company had to settle fines totaling $18.5 million to resolve '
'claims across the country. The total cost to Target, '
'including expenses for remediation, consulting fees, and '
'other payments, approached approximately $290 million. This '
'cyber attack highlights the critical need for robust '
'cybersecurity measures and the importance of vigilantly '
'managing third-party risks.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': ['41 million payment cards',
'Contact information for 70 million '
'customers'],
'financial_loss': '$290 million',
'identity_theft_risk': 'High',
'legal_liabilities': '$18.5 million in fines',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'The critical need for robust cybersecurity measures and '
'the importance of vigilantly managing third-party risks.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Spear phishing attack on a '
'third-party vendor'},
'regulatory_compliance': {'fines_imposed': '$18.5 million'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor access'}