In 2013, Target suffered a massive data breach that impacted 41 million payment cards and exposed the contact information of approximately 70 million customers. This cyber attack was executed through a spear phishing campaign targeted at a third-party vendor, which allowed the attackers to gain access to Target's network. By installing malware, they were able to capture customer data over two months. The breach not only led to the CEO's departure but also incurred around $290 million in costs to the company, including fines, settlements, and other remediation expenses. This attack underscores the critical importance of cybersecurity in protecting sensitive customer information and maintaining trust.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/target
"id": "tar941050824",
"linkid": "target",
"type": "Vulnerability",
"date": "02/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '70 million',
'industry': 'Retail',
'location': 'United States',
'name': 'Target',
'size': 'Large',
'type': 'Retail'}],
'attack_vector': 'Spear Phishing, Malware',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': ['41 million', '70 million'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card information',
'Contact information']},
'date_detected': '2013-11-27',
'date_publicly_disclosed': '2013-12-19',
'description': 'In 2013, Target suffered a massive data breach that impacted '
'41 million payment cards and exposed the contact information '
'of approximately 70 million customers. This cyber attack was '
'executed through a spear phishing campaign targeted at a '
'third-party vendor, which allowed the attackers to gain '
"access to Target's network. By installing malware, they were "
'able to capture customer data over two months. The breach not '
"only led to the CEO's departure but also incurred around $290 "
'million in costs to the company, including fines, '
'settlements, and other remediation expenses. This attack '
'underscores the critical importance of cybersecurity in '
'protecting sensitive customer information and maintaining '
'trust.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': ['Payment card information',
'Contact information'],
'financial_loss': '$290 million',
'identity_theft_risk': 'High',
'legal_liabilities': 'Fines, settlements',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Third-party vendor'},
'lessons_learned': 'Critical importance of cybersecurity in protecting '
'sensitive customer information and maintaining trust.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Spear phishing campaign targeted '
'at a third-party vendor'},
'references': [{'source': 'Media Reports'}],
'title': 'Target Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Third-party vendor access'}