In 2013, Target faced a monumental cybersecurity crisis when it became the victim of a cyber attack that exposed the payment card information of 41 million customers and personal contact information for approximately 70 million people. This breach was orchestrated through a spear-phishing attack on a third-party vendor, which allowed the attackers to access Target's network. Subsequently, malware was installed to collect customer data over two months. The repercussions were severe, resulting in the departure of Target's CEO and the company incurring costs upwards of $290 million. This included fines totalling $18.5 million to settle nationwide claims, remediation efforts, consulting fees, and other related expenses. This cyber attack underscores the critical importance of vigilant cybersecurity measures, especially in safeguarding third-party vendor connections and the need for robust systems to detect and prevent malware deployment.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar802050524",
"linkid": "target",
"type": "Breach",
"date": "02/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '110 million',
'industry': 'Retail',
'location': 'United States',
'name': 'Target',
'size': 'Large',
'type': 'Retailer'}],
'attack_vector': 'Spear-phishing',
'data_breach': {'number_of_records_exposed': '110 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Personal contact information']},
'date_detected': '2013-12-15',
'date_publicly_disclosed': '2013-12-19',
'description': 'In 2013, Target faced a monumental cybersecurity crisis when '
'it became the victim of a cyber attack that exposed the '
'payment card information of 41 million customers and personal '
'contact information for approximately 70 million people. This '
'breach was orchestrated through a spear-phishing attack on a '
'third-party vendor, which allowed the attackers to access '
"Target's network. Subsequently, malware was installed to "
'collect customer data over two months. The repercussions were '
"severe, resulting in the departure of Target's CEO and the "
'company incurring costs upwards of $290 million. This '
'included fines totalling $18.5 million to settle nationwide '
'claims, remediation efforts, consulting fees, and other '
'related expenses. This cyber attack underscores the critical '
'importance of vigilant cybersecurity measures, especially in '
'safeguarding third-party vendor connections and the need for '
'robust systems to detect and prevent malware deployment.',
'impact': {'data_compromised': ['Payment card information',
'Personal contact information'],
'financial_loss': '$290 million',
'legal_liabilities': '$18.5 million in fines',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'The critical importance of vigilant cybersecurity '
'measures, especially in safeguarding third-party vendor '
'connections and the need for robust systems to detect and '
'prevent malware deployment.',
'post_incident_analysis': {'root_causes': 'Spear-phishing attack on a '
'third-party vendor'},
'regulatory_compliance': {'fines_imposed': '$18.5 million'},
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor access'}