In 2013, Target suffered a significant cyber attack that exposed the payment information of 41 million customers and contact details for approximately 70 million individuals. The attackers initially gained entry into Target's network by launching a spear phishing attack on a third-party vendor to steal user credentials. With access secured, they strategically deployed malware to harvest customer data over a two-month period. The fallout from this breach was substantial for Target, both financially and reputationally. The breach's total costs approached $290 million, including a major settlement and various expenses related to breach remediation efforts. Additionally, the breach had significant leadership implications, contributing to the departure of Target's CEO. This event underscored the critical importance of robust cybersecurity measures, especially regarding third-party vendors and the protection of sensitive customer data.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar734042824",
"linkid": "target",
"type": "Ransomware",
"date": "12/2013",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '110 million',
'industry': 'Retail',
'location': 'United States',
'name': 'Target',
'size': 'Large',
'type': 'Retail'}],
'attack_vector': 'Spear Phishing',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '110 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment information',
'Contact details']},
'description': 'In 2013, Target suffered a significant cyber attack that '
'exposed the payment information of 41 million customers and '
'contact details for approximately 70 million individuals. The '
"attackers initially gained entry into Target's network by "
'launching a spear phishing attack on a third-party vendor to '
'steal user credentials. With access secured, they '
'strategically deployed malware to harvest customer data over '
'a two-month period. The fallout from this breach was '
'substantial for Target, both financially and reputationally. '
"The breach's total costs approached $290 million, including a "
'major settlement and various expenses related to breach '
'remediation efforts. Additionally, the breach had significant '
'leadership implications, contributing to the departure of '
"Target's CEO. This event underscored the critical importance "
'of robust cybersecurity measures, especially regarding '
'third-party vendors and the protection of sensitive customer '
'data.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Payment information of 41 million customers',
'Contact details of 70 million individuals'],
'financial_loss': '$290 million',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'Critical importance of robust cybersecurity measures, '
'especially regarding third-party vendors and the '
'protection of sensitive customer data.',
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Spear phishing attack on '
'third-party vendor'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor credentials'}