Target Credit Card Security Breach - Essay Example

Essay: Business Incident: Author’s name Institutional affiliation Essay: Business Incident (Target credit card security breach) Introduction One of the largest retail hacks to ever occur in the United States history did not appear in any case particularly inventive nor did it seem destined to be a huge hit. By so saying, it means that, some few days just before Thanksgiving of the year 2013, someone installed a very dangerous malware in the payment systems and security of Target Company (TGT) so as to steal each and every credit card that is affiliated to the organization’s 1797 U.S Stores (Anthony, 2013). Target Company is one of the leading Merchandise corporations in the United States. Additionally, this incident happened immediately after the Christmas gifts bagging and scanning, and the malware stepped in immediately when an individual is asked for a swipe by the cashier. The malware would steal the customer’s credit card number for storage on the server that is controlled by the hackers (Krebs, 2014). From the handling of this credit-card breach by the Target Corporation, it can be noted that proper and timely communication is vital in managing the way people react to a given contextual situation. Incident review and analysis The Target breach was first publicly postulated through a renowned security researcher by the name Brian Krebs. He stipulated that Target Corporation had been hit by a credit card data breach during or around the eve of the Black Friday which involves the loss of potentially millions of debit and credit records of customers (Michael et al, 2014). The Corporation company itself, TGT, the second general merchandise marketer confirmed that each and every card that was used between the month of November 27th to December 15th of the year 2013 may have been heavily affected by the malware breach. However, TGT never went into details on how there security systems were tampered with. But according to the cyber security experts, the people responsible for the credit card breach may have targeted the main company’s point sale system. By so saying, it means that, they either slipped the virus or rather the malware Programme at the swiping point or rather they collected the information from customers when it was being transferred from the target point to the credit card processing unit. The Target cyber breach is an example of how conventional these crimes have become as well as how the hackers manipulate their dealings whether the company is prepared for the attack or not. In this case, the Target Corporation was prepared for such activities. Additionally, Target Company started installing a malware detection tool that was worth $1.6 million six months before the attack , a security tool that was constructed by (FEYE)- a computer security firm. Furthermore, FEYE Is a well-known security firm that also serves the Pentagon and the CIA. Moreover, Target Corporation Company had deployed some security specialists that were based in Bangalore so as to monitor all the ongoing activities on their computers internationally (Melanie & Kim, 2013). By so doing, if the team of security experts in Bangalore suspected any security breach, they were supposed to notify the Target’s security operations headquarters that was based in Minneapolis (Sara et al. 2013). The hackers had already established their traps by Saturday 30th November with only one major thing to formulate which was establishing an escape plan for the data. In other words, as they tried to send the exfiltration malware so as to move the data on the credit card to some stipulated staging points in the United States, a move meant to cover their tracks so as to ensure safe transfer in to their computers that were located in Russia, they were noticed by FEYE (Chelsea, 2013). By so doing, the security in Bangalore was alerted and, therefore, flagged the team of security experts in Minneapolis (Jia & Amrita, 2014). For some unspecified reason, the security team in Minneapolis did not give immediate attention to the sirens (CNN, 2015). Additionally, Bloomberg business week tried to interview some former Target workers who are well vast with the company’s security system as well as experts in hacking and its aftermath (A bullseye view-Minneapolis, 2014). According to them, they believe that there is an alert system that is specifically installed to shield the bond between the customer and the retailer that usually worked well. However, Target had nothing to do when forty million card numbers as well as seventy million phone numbers, addresses as well as other pieces of important data disappeared from its serves (A bullseye view, 2013). When the Chairman of Target Company, CEO, and President Gregg Steinhafel was asked some specific questions about the organization’s reluctance to respond to the incident, he offered an emailed statement. In his emailed statement, he postulated that Target is conducting a review of its technology, processes, and its customers so as to comprehend any opportunity available to improve their security network (A bullseye view-Minneapolis, 2014). Additionally, he continued by stating that they had already started the structural transition of its security as well as shifting to chip-enabled cards. He pleaded with the public for patience and not to engage in vague speculation before the end of the final analysis of the incident (A bullseye view, 2013). Target has received over ninety lawsuits filed against the company by banks as well as customers for compensatory damages and negligence. Additionally, there are some other costs which according to various analysts, it could sum up to billions. Furthermore, the company spent over sixty-one million dollars in the month of February to respond to the consequences of the breach as per the investor’s fourth-quarter report. Moreover, Target established a response operation and further relieved consumers off fraudulent charges (John, 2014). By so doing, this move was seen as an effort to attract and redeem the lost trust form its loyal customers. To explain further, the annual net revenues for the Target corporation that is accrued every holiday reduced by forty-six percent as compared to the same quarter the previous year. Also, In addition to that, the overall transaction numbers reduced tremendously since the year 2008 when Target Corporation initially started reporting its financial statistics (Christina & WBZ-TV, 2014) According to a security expert, every piece of information that was tapped by the malware Programme enables criminals to establish more sophisticated measures for either luring the victims or impersonating them to dish out some private and sensitive information. In other words; they tend to establish dossiers on the victims. Therefore, this Target breach has been ranked among the worst and the most dangerous breach ever (Jia & amrita, 2014). Moreover, experts continue to postulate that, with the customers mailing address and names, the criminals can be able to purchase merchandise online so long as they require that piece of data for the transaction. Target corporation’s communication blunder prior to the credit card-security breach One of the main reasons why its customers raged in fury and frustration was that, Target played down what the loyal clients wanted to hear the most. In other words, the customers wanted to be sure whether it was safe and more secure to shop in the wake of the security breach. Additionally, Target should have prioritized the needs of its customers bearing in mind that the Black Friday was among the last days of Christmas shopping (ABC news, 2014). In other words, Comprehending customers’ needs and the audience desires is a vital part in any communication. By so saying it means that it is important to establish a crass that reminds consumers that your business is still operational despite a regrettable crisis instead of relying solely on a bad rhetorical practice like the implication. From the first statement released by the Target Company prior to the incident, they simply made the public aware of the breach but they did not continue to inform the public whether they had established the cause and resolved the incident so as to make the customers shop with confidence (Chris &Bob, 2014). By so saying it means that, since most individuals only give attention to the first part of a statement, Target Company would have made sure that the public and the press capture the most important points in their reporting of the TGT reactions to the incident. According to the events of the incident and the statement released by the Target Company, the conclusion of the issue was left to the customers to judge whether the issue had been resolved and identified or not. How target resolved the crisis Over Forty millions of the Target breach incident victims of the year 2013 were entitled to some compensation. Additionally, Target Company agreed to compensate $ 10 million according to an agreement agreed upon in a class-action lawsuit. The victims were supposed to fill in some information in a claim form that confirmed the usage of a credit card during the breach period alongside other essential details. One of the essential details included whether they believe that the breaching incident compromised their personal information (Alison, 2015). Besides the monetary relief, the agreed upon lawsuit settlement directed Target Company to establish a Chief Security Officer that would implement a written security program responsible for evaluating and monitoring using metrics as well as proper risk management criteria. Moreover, the program will handle training security officers in matters pertaining data security (Alison, 2015). Moreover, those customers that were affected by the credit-card data breach will be each compensated a monetary sum of up to $ 10 million (the two-way,2015) Additionally, losses that were designated by the claim form include, credit –card correction fee, unreimbursed/unauthorized charges, declined and late payment charges, account monitoring and correction cost (Julie,2014). However, the compensation will only be possible if the victims will be in a position to produce valid documentation that proves that the incident resulted in the loss of their time and information (Robin, 2015). Besides, the compensation, the Target CEO delivered a statement that confirmed to the public that indeed Target had been affected by a security breach. Additionally, He pleaded with the public not to jump into unnecessary conclusions until the whole issue has been clearly analyzed as they work on possible ways to improve their security systems (Ambernewby, 2015). Furthermore, The Target Company’s Spokeswoman confirmed that the compensation process is underway, and a quick resolution will be arrived at soon enough. Moreover, According to Reuters (2014), she also went ahead to discuss the terms and conditions for the settlement and compensation. Conclusion From the handling of this Credit-card breach by the Target Corporation, it can be noted that proper and timely communication is vital in managing the way people react to a given contextual situation. By so saying, it means that, when the security breach occurred, Target Company could have properly communicated to the public by informing them what they needed to hear most (Teri& Stephen, 2014). In this case, they would have assured the public that, the incidental issue has been identified and that, they are safe shopping. References A bullseye view, (2013). A message from the CEO Gregg Steinhafel about Targets Payment card Issues. Retrieved from: https://corporate.target.com/article/2013/12/important- notice-unauthorized-access-to-payment-ca A bullseye view, Minneapolis, (2014). Target provides update on data breach and financial performance. Retrieved from: http://pressroom.target.com/news/target-provides-update- ABC news, (2014. What is Target offering with free credit monitoring after data breach. Retrieved from: http://www.abc15.com/news/let-joe-know/target-email-what-is-target- offering-with-free-credit-monitoring-after-data-breach Alison Griswold, (2015). Target finally agrees to pay up for its massive data breach. Retrieved from: http://www.slate.com/blogs/moneybox/2015/03/19/target_data_breach_settlement_the_c ompany_will_pay_out_10_million_to_make.html Ambernewby, (2015).Free Credit-monitoring services don’t help consumers. Retrieved from: http://www.mywebtimes.com/news/local/free-credit-monitoring-services-don-t-help- consumers/article_0a5de352-ca8b-5c0d-af44-427b8f1ac787.html Anthony Wing Kosner, (2013). Targets biggest PR Mistake With credit card Security Breach. Retrieved from: http://www.forbes.com/sites/anthonykosner/2013/12/20/targets-biggest- PR-mistake-with-credit-card-security-breach/ Chelsea Rarrick, (2013). Target offering free credit monitoring services. Retrieved from: http://wtvr.com/2013/12/21/target-offering-free-credit-monitoring-services/ Chris Horne, Bob jones, (2014). Target says 70 million customers had personal information stolen during data breach. Retrieved from: http://www.newsnet5.com/money/consumer/target-says-70-million-customers-had-more- than-credit-card-info-was-stolen-during-data-breach Christina Hager, WBZ-TV, (2014). Target refused to process Fraud claim unless customer gave up sensitive info. Retrieved from: http://boston.cbslocal.com/2014/01/16/target-now- offering-free-credit-monitoring-for-customers-in-massive-data-breach/ CNN,(2015). Target: 40 million credit cards compromised. Retrieved from; http://money.cnn.com/2013/12/18/news/companies/target-credit-card/ Erik Katz, (2015).Why credit Monitoring fails to address the real threat facing hacked feds. Retrieved from: http://www.govexec.com/defense/2015/06/why-credit-monitoring-fails- address-real-threat-facing-hacked-feds/115090/ Hayley Tsukayama, (2014). Target says customers signing up for free credit monitoring after data breach. Retrieved from: http://www.washingtonpost.com/business/technology/target- says-customers- signing-up- for-free-credit-monitoring-after-data- breach/2014/01/13/99fcce60-7c83- 11e3-95c6-0a7aa80874bc_story.html Jia Lynn Yang & Amrita Jayakumarr, (2014).Target says up to 70 million more customers were hit by December data breach. Retrieved from: http://www.washingtonpost.com/business/economy/target-says-70-million-customers- were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3- 8963-b4b654bcc9b2_story.html John Matarese, (2014). Don’t waste your money: is Targets free monitoring safe? Retrieved from: http://www.abcactionnews.com/money/consumer/dont-waste-your-money/is- targets-free-credit-monitoring-safe1391017038879 Julie Banovic, (2014).Target reaching out to customers with free credit monitoring offer. Retrieved from: http://www.wxyz.com/news/target-reaching-out-to-customers-with-offer Krebs, (2014).Credit card breach at a zoo near you. Retrieved from: http://krebsonsecurity.com/ Melanie Eversley and Kim Hjelmgaard, (2013).Target Confirms massive credit –card data breach. Retrieved from: http://www.usatoday.com/story/news/nation/2013/12/18/secret- service-target-data-breach/4119337/ Michael Riley, Ben Elgin, dune Lawrence, and Carol Matlack, (2014). Missed alarms and 40 million stolen credit card numbers: how Target blew it. Retrieved from: http://www.bloomberg.com/bw/articles/2014-03-13/target-missed-alarms-in-epic-hack- of-credit-card-data Robin Sidel, (2015). The Wall Street Journal: Target Nears Settlement with MasterCard over data breach. Retrieved from: http://www.insurancejournal.com/topics/target-credit-card- breach/ 2015(1) Sara Germano, Robin Sidel &Danny Yadron, (2013). The Wall Street journal: Target Credit Card breach: Retrieved from: www.insurancejournal.com/.../target-credit-card- breach.2013 (1) Teri Radichel, Stephen Northcutt, (2014) .Case study: Critical controls that could have prevented Target Breach. Retrieved from: http://www.sans.org/reading- room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412 The two-way, (2015). Target offers $ 10 million settlement in data Breach Lawsuit. Retrieved from: http://www.npr.org/sections/thetwo-way/2015/03/19/394039055/target-offers-10- Read More