Target Breach Case Study

1021 Words5 Pages

Most people would think that most companies take data security seriously, but if take a look that the Target Breach incident we would realize that some companies might not take our privacy as seriously as we all thought. Big corporations need to realize that the public is not the only losing on a privacy breach situation, the companies also lose. For example, the Target Breach incident cost Target Corp over $18.5 million just on settlement claims (Bose & Ramakrishnan, 2017). Paying this amount of money is the least they could do for taking the privacy of their customer so lightly. Moreover, Target not only lost $18.5 million on settlement their negligence cost them approximately $366.7 million, this is including the credit cards stolen, …show more content…

We all know that a data breach is unpredictable because the hackers wait for the right moment to strike after they have gathered all the information necessary to break through a company’s data security. However, there are several things that cause the Target Breach in 2013 and that you have been predictable or at least avoided.

The first mistake made by Target Corporation was the lack of establishing a secure system that would protect the privacy of its customers. We take a good look at this breach incident Target Corp showed that lacked caring for the privacy of their consumer. Target Corp was negligent by not protecting their data and by allowing access to a third party company named Fazio Mechanical Services. According Krebs on Security (2014), a third party company that provided maintenance to Target Corp had access to the information because it is common for big companies to monitor the electricity and some other things in order to save money, but why a maintenance company had access to the sensitive information? Whether the company has to do maintenance on the systems used to maintain the security data there should restricted access for third party …show more content…

Before Target Breach incident, Target was aware that their systems have alerted to suspicious activities right after the hackers breach their system, but Target clearly missed the signs of a data breach and totally ignore that something was wrong and suspicious (Harris & Perlroth, 2014). If the security team and crisis management team would pay more attention to the suspicious activity they would have been able to at least noticed that their systems were breached or at least compromised. Target also failed to take action when they noticed the suspicious activity and failed, even more, when they did not take the precaution necessary to investigate the incident and to take action to avoid any further incident. Ignoring multiple alarms is just reckless and negligence, it was not until days later that they realized that their data security was breached affecting millions of customers. As the results, it is difficult to understand why Target’s management teams decided to ignore so many alarms. There is no explanation for their action and these are probably why they were found responsible to pay the affected customers a settlement because they fail to react on time.

At the time of the incident, Target’s response to the incident was to not take it as something serious and they decided to leave it to the investigators indicating that their crisis management team was not handling the situation