In 2013, a sophisticated cyber attack on Target resulted in the exposure of 41 million payment cards and the contact information of approximately 70 million customers. This cyber assault was initiated through a spear phishing operation targeting a third-party vendor, aimed at acquiring user credentials. Once the attackers had breached Target's defenses, they deployed malware designed to capture customer data during transactions over a two-month period. The aftermath of this breach was profound, leading to the departure of the CEO and culminating in Target agreeing to pay fines totalling $18.5 million to settle claims from across the country. Ultimately, the breach led to the company incurring around $290 million in costs, encompassing fines, remediation efforts, consulting fees, and more.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar600050524",
"linkid": "target",
"type": "Breach",
"date": "02/2014",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'name': 'Target',
'size': 'Large',
'type': 'Retail'}],
'attack_vector': 'Spear Phishing, Malware',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '111 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Customer contact information']},
'date_detected': '2013',
'description': 'In 2013, a sophisticated cyber attack on Target resulted in '
'the exposure of 41 million payment cards and the contact '
'information of approximately 70 million customers. This cyber '
'assault was initiated through a spear phishing operation '
'targeting a third-party vendor, aimed at acquiring user '
"credentials. Once the attackers had breached Target's "
'defenses, they deployed malware designed to capture customer '
'data during transactions over a two-month period. The '
'aftermath of this breach was profound, leading to the '
'departure of the CEO and culminating in Target agreeing to '
'pay fines totalling $18.5 million to settle claims from '
'across the country. Ultimately, the breach led to the company '
'incurring around $290 million in costs, encompassing fines, '
'remediation efforts, consulting fees, and more.',
'impact': {'data_compromised': ['41 million payment cards',
"70 million customers' contact information"],
'financial_loss': '$290 million',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'motivation': 'Financial Gain',
'regulatory_compliance': {'fines_imposed': '$18.5 million'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor credentials'}