Security Breach At Target Essay


Computer Security Breaches Internal Controls and Receivables

On December the 19th Target publicly acknowledged they had suffered a data breach, which had resulted in the loss of 40 million customer payment card details, along with their names, expiry dates, and the encrypted security codes (Munson, 2013), At the time this was one of the largest security breaches, with the firm suffering not just because they were targeted by criminals, but as a result of the failure of their internal controls.

The problem started when, in the run up to Thanksgiving, malware was installed on the payments system of Target (Riley, 2014). BlackPOS, which is also known as Kaptoxa, is malware designed for use on point of sales systems which operate on Microsoft Windows (Krebs, 2014). The Malware operates at the point of sales, when the customers' cards are swiped on an infected point of sale, the malware becomes active and at card details would be sent to a server within Target that had been commandeered by the criminals (Riley, 2014). Following the gathering of the payment card on the commandeered server the hackers had to upload the exfiltration malware to extract the details for their own use (Riley, 2013)....


The data was extracted from the server, sending it first to staging points as a way of disguising the hackers' trackers, with the final destination being the hackers own location in Russia (Riely, 2013).
In many cases internal controls failed because malware goes undetected, the shocking issue with this breach was the way in which the firm had prepared for this type of event, $1.6 million had been invested in Malware detection, from the firm FireEye, a security specialist that also serves organizations such the CIA (Riley, 2013). The breach was noticed on the 30th of November 2012 by Bangalore team of security specialists that monitored the Target system; they raised the alarm, informing Target of the breach. It was here the system failed, as Target failed to respond or take action Krebs, 2014; Riley, 2013). Therefore, the internal failure was not one of detection, but of the ability of the firm to respond following the detection of the active threat. The failure resulted in a level of negative publicity, and the firm suffered a 46% drop in profit the last quarter of 2012, and costs for the community and banks associated with the stopping and reissuing of the cards is estimated to be approximately…

Sources Used in Documents:

The plan to overcome this needs to build in the detection, with the development of a strict protocol for what actions should be taken and by whom where is a security breach, including who does what, with time scales and specifics responsibilities.

Part 2

Firms will take a number of issues into consideration when assessing whether or not to extend credit to customers. The first consideration may be the internal position of the firm and the resources that have which may or may not support the extension of credit. Where credit is extended to customers, and funding by the firm, this can increase significantly the level of accounts receivable outstanding and result in a significant increase in capital tied up in inventory. The firm will also have to allow for the potentials for bad debts (Howells & Bain, 2007). The firm may aid cash flow with the use of factoring firms. The firm may also need to look at other internal resources such as the personal and systems, to ensure they can

Cite this Document:

"Security Breach At Target" (2015, February 08) Retrieved June 14, 2024, from

"Security Breach At Target" 08 February 2015. Web.14 June. 2024. <>

"Security Breach At Target", 08 February 2015, Accessed.14 June. 2024,

Related Documents

Security Plan Target Environment Amron International Inc. Amron International Inc. is a division of Amtec and manufactures ammunition for the U.S. military. Amron is located in Antigo, Wisconsin. Amron also manufacturer's mechanical subsystems including fuses for rockets and other military ammunitions as well as producing TNT, a highly explosive substance used in bombs. Floor Plan Target Environment The target environment in this security plan is the manufacturing operation located in Antigo, Wisconsin, a

Internet Risk and Cybercrime at the U.S. Department of Veterans Affairs Internet Risk Cybercrime Today, the mission of the U.S. Department of Veterans Affairs (VA) as taken from President Lincoln's second inaugural address is, "To care for him who shall have borne the battle, and for his widow, and his orphan." To this end, this cabinet-level organization provides healthcare services through the Veterans Health Administration (VHA) to nine million veteran patients each year.

Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework

Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are

Security in Cloud Computing

Security in Cloud Computing Security issues associated with the cloud Cloud Security Controls Deterrent Controls Preventative Controls Corrective Controls Detective Controls Dimensions of cloud security Security and privacy Compliance Business continuity and data recovery Logs and audit trails Legal and contractual issues Public records The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination

Even though there is always some form of a risk involved in the coding technique together with the deployment methods of a website, some technologies such as PHP and MySQL form some of the worst aggravators of online website security. The loopholes that exists in the use of these technologies results in some of the worst hack attacks and security breaches ever experienced in the field of web design. The