In 2013, a major cyberattack on Target compromised the payment card data and contact information of millions of customers. The attackers gained access to Target's network through a spear phishing attack targeted at a third-party vendor. Utilizing the obtained credentials, they deployed malware to capture customer information over two months. This breach exposed 41 million payment cards and affected approximately 70 million individuals. The financial and reputational damage to Target was significant, with the costs for resolving the issue, including legal fines, settlements, and other expenses, amounting to roughly $290 million. Additionally, the breach led to the departure of Target's CEO and highlighted the critical need for robust cybersecurity measures in protecting customer data.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar316050624",
"linkid": "target",
"type": "Vulnerability",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million individuals',
'industry': 'Retail',
'name': 'Target',
'size': 'Large',
'type': 'Retail'}],
'attack_vector': 'Spear Phishing',
'data_breach': {'number_of_records_exposed': '70 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card data',
'Contact information']},
'date_detected': '2013',
'description': 'A major cyberattack on Target compromised the payment card '
'data and contact information of millions of customers. The '
"attackers gained access to Target's network through a spear "
'phishing attack targeted at a third-party vendor. Utilizing '
'the obtained credentials, they deployed malware to capture '
'customer information over two months. This breach exposed 41 '
'million payment cards and affected approximately 70 million '
'individuals. The financial and reputational damage to Target '
'was significant, with the costs for resolving the issue, '
'including legal fines, settlements, and other expenses, '
'amounting to roughly $290 million. Additionally, the breach '
"led to the departure of Target's CEO and highlighted the "
'critical need for robust cybersecurity measures in protecting '
'customer data.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Payment card data', 'Contact information'],
'financial_loss': '$290 million',
'legal_liabilities': ['Legal fines', 'Settlements'],
'operational_impact': "Departure of Target's CEO",
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'Critical need for robust cybersecurity measures in '
'protecting customer data.',
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Spear phishing attack on '
'third-party vendor'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor credentials'}