The breach of Target’s security was one of the biggest news stories of 2013, thanks, largely to the fact that so many of the US population shop in these stores every year. When it was announced that their systems had been breached, there was nothing short of panic across the United States of America.
In December 2013, Target – a US retail giant – announced that cybercriminals had hacked into the company’s card payment readers, which were used in stores across the US. This could not have come at a worse time, as they had been compromised at the time people ramped up their shopping in preparation for the holidays.
How many records were accessed?
Target revealed that approximately 40 million debit and credit card numbers had been compromised due to the hacker’s activities on this occasion.
They also revealed that the contact details of around 70 million customers had fallen into the hands of the cybercriminals who carried out the attack. This means that in total, 110 million people were affected by the breach.
How did the breach occur?
Hackers first compromised a 3rd party company who were providing Target with HVAC services. They then used Target’s contractor portal to access the point of sales system, which the company had failed to separate from the rest of its network. Using a Trojan, they were able to copy credit and debit card information, which they then exfiltrated to their own FTP servers on a regular basis.
What has happened since?
Since this massive internet security breach, Target has brought in a number of new security measures, including the use of chip and pin smart cards similar to those used in the UK, which encrypt customer data so that it cannot be easily accessed.