Target Data Breach: Internal Controls and Information Security

Abstract

This paper examines the December 2012 Target data breach that exposed 40 million customer payment card details and 70 million personal records. The analysis focuses on how internal control failures—particularly the delayed response to detected malware—enabled the theft. The paper explores the technical aspects of the BlackPOS malware attack, considers the social and criminological motivations behind cybercrime, and proposes comprehensive data protection policies that address detection, response protocols, and employee accountability. The discussion extends to credit management and receivables, emphasizing the need for integrated corporate policies that protect sensitive customer information throughout its lifecycle.

How to Write This Type of Paper

What makes this paper effective

  • Uses a concrete, well-documented case study (Target breach) to ground abstract concepts about internal controls and information security
  • Distinguishes between detection and response failures, showing that technology investment alone is insufficient without operational protocols
  • Integrates cybersecurity with traditional accounting topics (receivables, credit assessment) to show holistic risk management
  • Addresses root causes of cybercrime from multiple angles—technical, social, and motivational—rather than treating it as purely technical

Key academic technique demonstrated

This paper employs case-study analysis paired with policy synthesis. It uses the Target breach as an exemplar to extract lessons about failed internal controls, then broadens the discussion to propose generalizable frameworks (data protection policies, response protocols, credit assessment procedures). This approach moves from specific evidence to applicable best practices, which is typical of accounting and business policy writing.

Structure breakdown

The paper is organized in two main movements. Part 1 presents the Target case, dissecting the malware attack and internal response failure, then pivots to credit and receivables fundamentals. Part 2 shifts focus to the criminological and social context of hacking, then concludes with prescriptive policies for data protection and employee accountability. This structure—concrete problem, theoretical context, generalized solution—mirrors applied accounting scholarship.

The Target Data Breach and Detection Failures

On December 19th, Target publicly acknowledged that it had suffered a data breach resulting in the loss of 40 million customer payment card details, along with their names, expiry dates, and encrypted security codes (Munson, 2013). At the time, this was one of the largest security breaches in retail history. The firm suffered not only from being targeted by criminals but also from the failure of its internal controls to respond effectively to a detected threat.

The problem began in the run-up to Thanksgiving, when malware was installed on Target's payment system. The malware—detected by Target's own security specialists on November 30th, 2012—represented an active threat that had already begun compromising customer data. Despite investing $1.6 million in malware detection software from security specialist FireEye (an organization that also serves the CIA), Target had a critical vulnerability: not in detection, but in response. When the breach was discovered, Target failed to take immediate action or escalate the threat appropriately (Krebs, 2014; Riley, 2013). This delay allowed hackers to continue extracting payment card information for weeks after the initial alarm was raised.

The failure resulted in severe consequences. Target suffered a 46 percent drop in profit in the last quarter of 2012, and the costs to the community and banks associated with stopping and reissuing cards are estimated at approximately $200 million (Krebs, 2014). The breach demonstrated that internal controls require more than technology investment; they demand clear protocols, defined responsibilities, and swift action when threats are detected.

To overcome such failures, organizations must establish detection systems alongside a strict protocol defining what actions should be taken, by whom, and within what time scales when a security breach occurs. This includes specific responsibilities, escalation procedures, and accountability mechanisms.

Understanding the BlackPOS Malware Attack

BlackPOS, also known as Kaptoxa, is malware specifically designed for point-of-sale systems operating on Microsoft Windows. The malware's operation is straightforward but devastating: when a customer's card is swiped on an infected point-of-sale terminal, the malware activates and captures the card details, sending them to a server within Target's network that had been commandeered by the criminals (Riley, 2014).

Once the payment card data is gathered on the compromised server, hackers must upload exfiltration malware to extract the details for their own use. The data extraction process involves multiple intermediary steps designed to obscure the hackers' digital footprints. The stolen information is sent first to staging points—temporary servers used to disguise the trail of the breach—before being forwarded to its final destination in Russia (Riley, 2013).

This multi-stage approach reflects a sophisticated attack chain. Rather than extracting data directly to their own servers, the attackers used intermediate locations to create distance between the theft location and their operational base, making forensic investigation and attribution more difficult. The use of encryption and multiple data hops is standard practice in advanced cybercriminal operations, demonstrating the level of technical sophistication involved in large-scale breaches.
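From a defender's side, the chain described above (terminals sending to an internal collection server, which then sends outward) leaves a recognizable shape in network flow records. The following is an added example, not part of the original paper: the subnets, approved destination, thresholds, ports and flow records are hypothetical values constructed for illustration, and the external addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed network layout (hypothetical, for illustration only).
POS_NET = ipaddress.ip_network("10.10.0.0/16")      # point-of-sale terminals
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # everything in-house
APPROVED_POS_DESTS = {"10.20.0.5"}                  # payment switch

# Constructed flow records: (src, dst, dst_port, bytes_sent)
SAMPLE_FLOWS = [
    ("10.10.1.11", "10.20.0.5", 443, 4_200),       # normal authorisation traffic
    ("10.10.1.12", "10.20.0.5", 443, 3_900),
    ("10.10.1.11", "10.30.7.9", 445, 18_000),      # POS -> unapproved internal host
    ("10.10.2.40", "10.30.7.9", 445, 22_500),
    ("10.10.3.17", "10.30.7.9", 445, 19_700),
    ("10.30.7.9", "203.0.113.50", 21, 2_400_000),  # that host -> external address
    ("10.40.1.3", "198.51.100.8", 443, 900_000),   # unrelated server, outbound
    ("10.10.4.2", "10.30.8.1", 123, 90),           # a single terminal, low volume
]

def in_net(addr, net):
    return ipaddress.ip_address(addr) in net

def find_collectors(flows, min_terminals=3):
    """Internal, unapproved hosts that receive traffic from many POS terminals."""
    sources = defaultdict(set)
    for src, dst, _port, _size in flows:
        if (in_net(src, POS_NET) and in_net(dst, INTERNAL_NET)
                and not in_net(dst, POS_NET) and dst not in APPROVED_POS_DESTS):
            sources[dst].add(src)
    return {host: s for host, s in sources.items() if len(s) >= min_terminals}

def find_exfil_chains(flows, min_terminals=3, min_bytes=1_000_000):
    """Link each collector to large transfers it makes outside the network."""
    collectors = find_collectors(flows, min_terminals)
    findings = []
    for src, dst, port, size in flows:
        if src in collectors and not in_net(dst, INTERNAL_NET) and size >= min_bytes:
            findings.append({"collector": src, "terminals": len(collectors[src]),
                             "external_dst": dst, "port": port, "bytes": size})
    return findings

if __name__ == "__main__":
    for finding in find_exfil_chains(SAMPLE_FLOWS):
        print(finding)
```

Neither half of the pattern is conclusive alone; the correlation of the two stages on one host is what makes the finding worth escalating.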

Credit Risk Assessment and Receivables Management

When firms consider extending credit to customers, they evaluate multiple factors. The first consideration is the firm's own internal position and resources—whether the organization has sufficient capital and operational capacity to support extended credit. Extending credit increases accounts receivable outstanding and ties up significant funds in working capital and inventory. Firms must also account for the potential for bad debts (Howells & Bain, 2007). To manage cash flow, firms may use factoring services or develop other internal resources, including staff and systems, to manage credit operations effectively.

Assessing potential customers is equally critical. Firms prefer to grant credit only to those they believe will repay their debts. Risk assessment of customers typically includes evaluating their overall income (or profit if they are a business) to ensure sufficient funds flow to meet debt obligations (Howells & Bain, 2007). The ability to pay must be accompanied by the willingness to pay; therefore, payment history is invaluable. A customer's previous default behavior is often predictive of future defaults.

Creditworthy customers demonstrate both the ability and willingness to repay. Those with a history of timely payments and stable income are more likely to receive credit than those whose ability or willingness to pay is questionable. This two-dimensional assessment—capacity plus character—remains fundamental to sound receivables management.

Key Concepts in This Paper
Internal Controls, Data Breach Response, BlackPOS Malware, Incident Detection, Credit Risk Assessment, Accounts Receivable, Cybercrime Motivation, Information Protection, Corporate Policy, Encryption and Access Control
Cite This Paper
PaperDue. (2026). Target Data Breach: Internal Controls and Information Security. PaperDue. https://www.paperdue.com/study-guide/target-data-breach-internal-controls-195864
