In 2013, Target suffered a massive cybersecurity breach that exposed the payment card information of 41 million customers and contact information for an additional 29 million individuals. Initiated via a spear phishing attack on a third-party vendor to steal credentials, the attackers then accessed Target's network and installed malware to collect the customer data over two months. This breach significantly impacted Target, leading to the departure of the company's CEO and resulting in $290 million in total costs, including fines, remediation, consulting fees, and other related expenses. The incident highlights the importance of robust cybersecurity practices, especially regarding third-party vendor management and the protection of customer data.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar603050724",
"linkid": "target",
"type": "Ransomware",
"date": "03/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 70000000,
'industry': 'Retail',
'name': 'Target',
'type': 'Retailer'}],
'attack_vector': 'Spear Phishing, Malware',
'data_breach': {'number_of_records_exposed': 70000000,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Contact information']},
'date_detected': '2013',
'date_publicly_disclosed': '2013',
'description': 'A massive cybersecurity breach that exposed the payment card '
'information of 41 million customers and contact information '
'for an additional 29 million individuals.',
'impact': {'data_compromised': ['Payment card information',
'Contact information'],
'financial_loss': '$290 million',
'operational_impact': "Departure of the company's CEO"},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'Importance of robust cybersecurity practices, especially '
'regarding third-party vendor management and the '
'protection of customer data.',
'motivation': 'Financial Gain',
'title': 'Target Data Breach 2013',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor credentials'}