Computer Security Breaches
Internal Controls and Receivables
On December the 19th Target publicly acknowledged that it had suffered a data breach, which had resulted in the loss of 40 million customer payment card details, along with their names, expiry dates, and the encrypted security codes (Munson, 2013). At the time this was one of the largest security breaches, with the firm suffering not just because it was targeted by criminals, but as a result of the failure of its internal controls.
The problem started when, in the run-up to Thanksgiving, malware was installed on Target's payments system (Riley, 2014). BlackPOS, also known as Kaptoxa, is malware designed for point-of-sale systems that run on Microsoft Windows (Krebs, 2014). The malware operates at the point of sale: when a customer's card is swiped on an infected point-of-sale system, the malware becomes active and the card details are sent to a server within Target that had been commandeered by the criminals (Riley, 2014). Once the payment card details had been gathered on the commandeered server, the hackers had to upload exfiltration malware to extract the details for their own use (Riley, 2013). The data was extracted from the server and sent first to staging points as a way of disguising the hackers' tracks, with the final destination being the hackers' own location in Russia (Riley, 2013).
In many cases internal controls fail because malware goes undetected. The shocking issue with this breach was that the firm had prepared for this type of event: $1.6 million had been invested in malware detection from FireEye, a security specialist that also serves organizations such as the CIA (Riley, 2013). The breach was noticed on the 30th of November 2012 by a Bangalore team of security specialists that monitored the Target system; they raised the alarm, informing Target of the breach. It was here the system failed, as Target failed to respond or take action (Krebs, 2014; Riley, 2013). Therefore, the internal failure was not one of detection, but of the ability of the firm to respond following the detection of the active threat. The failure resulted in a level of negative publicity, and the firm suffered a 46% drop in profit in the last quarter of 2012, and the costs for the community and banks associated with the stopping and reissuing of the cards are estimated to be approximately $200 million (Krebs, 2014).
The plan to overcome this needs to build in detection, with the development of a strict protocol for what actions should be taken, and by whom, when there is a security breach, including who does what, with time scales and specific responsibilities.
Part 2