User Account

All Pages

Who are the stakeholders in the target breach

Assignment Help Management Theories
Reference no: EM131700429

Problem: Bloomberg Businessweek Case in the News

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

The biggest retail hack in U.S. history wasn't particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target's (TGT) security and payments system designed to steal every credit card used at the company's 1,797 U.S. stores. At the critical moment-when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe-the malware would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers. On November 30 the hackers had set their traps and had just one thing to do before starting the attack: plan the data's escape route. As they uploaded exfiltration malware to move stolen credit card numbers-first to staging points spread around the United States to cover their tracks, then into their computers in Russia-FireEye, a malware detection tool, spotted them. Target's team of security specialists in Bangalore got an alert and flagged the security team in Minneapolis. And then . . . nothing happened. For some reason Minneapolis didn't react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company's data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then Target stood by as 40 million credit card numbers-and 70 million addresses, phone numbers, and other pieces of personal information- gushed out of its mainframes.

When asked to respond to a list of specific questions about the incident and the company's lack of an immediate response to it, Target Chairman, President, and Chief Executive Officer Gregg Steinhafel issued an e-mailed statement: "Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don't believe it's constructive to engage in speculation without the benefit of the final analysis." In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid- December that company investigators went back to figure out what happened. What it hasn't publicly revealed: Poring over computer logs, Target found FireEye's alerts from November 30 and more from December 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn't begun transmitting the stolen card data out of Target's network. Had the company's security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international hunt for the hackers never would have happened at all.

On November 30, according to a person who has consulted on Target's investigation but is not authorized to speak on the record, the hackers deployed their custom code, triggering a FireEye alert that indicated unfamiliar malware: "malware.binary." Details soon followed, including addresses for the servers where the hackers wanted their stolen data to be sent. As the hackers inserted more versions of the same malware (they may have used as many as five, security researchers say), the security system sent out more alerts, each the most urgent on FireEye's graded scale, says the person who has consulted on Target's probe. The breach could have been stopped there without human intervention. The system has an option to automatically delete malware as it's detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off. Edward Kiledjian, chief information security officer for Bombardier Aerospace, an aircraft maker that has used FireEye for more than a year, says that's not unusual. "Typically, as a security team, you want to have that last decision point of ‘what do I do,' " he says. But, he warns, that puts pressure on a team to quickly find and neutralize the infected computers. Source:Michael Riley, Ben Elgin, Dune Lawrence and Carol Matlack, "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It," Bloomberg Business Week, March 13, 2014. Used with permission of Bloomberg L.P. Copyright © 2014. All rights reserved.

Questions for Discussion: 1. Who are the stakeholders in the Target breach?

2. What is the responsibility of each stakeholder group in the breach?

3. Target Chairman, President, and Chief Executive Officer Gregg Steinhafel is quoted as saying that Target was certified as meeting the legal standard. Does being in compliance with the law and other standards negate any charges of unethical behavior on Target's behalf?

4. What can Target do to prove it will act ethically in the future and to regain the trust of its customers?

Reference no: EM131700429

Questions Cloud

Prepare an executive summary paper on reporting : Prepare an executive summary paper on reporting and disclosure issues related to segment and NCI within a 10K
Role of the human resource manager : HR is indeed the backbone behind or of business. The role of the Human Resource Manager is to handle all the people who come in looking for employment
Define wmd as explained during the cold war period : Describe in your own words, which WMD threat you think offers the greatest threat to the responding EOD unit
Do some brief research on the topic of resisting change : Do some brief research on the topic of resisting change. What determines whether or not people resist change?
Who are the stakeholders in the target breach : The biggest retail hack in U.S. history wasn't particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013.
What factors contribute to the groups cohesiveness : What factors contribute to the group's cohesiveness? Be sure to refer to Chapter 8 of your text and use specific scenes from the movie.
Compare and contrast the impact racism : Compare and contrast the impact racism has and/or has had on African Americans and either Mexican Americans or Native Americans
Resulting in a disconnect between management : Employees learn to communicate with the customers who are an important asset to retail management arena.
What was the labor rate variance as a result of the bonus : What was the labor rate variance as a result of the bonus. What was the actual labor time variance as a result of generating 5.650 lines of code

Reviews

Write a Review

Management Theories Questions & Answers

  Learning in action

Learning contract proposal that will form the basis of your learning contract report.

  Change is the only constant

"Change is the only constant " Evaluate the different types of change that have occurred in Sony.

  How do advertisers try to use group influence

How do advertisers try to use group influence?  Will you find any specific examples and explain the relevant theory of group behavior and influence?

  Case study:saving sony

You have been appointed by Sony as a consultant on change management. Advise Sony on how they could implement the change by using the various theories of change you have learnt.

  How the stock market works

The purpose of this project is to help you to gain an understanding of how the stock market works and of the relationship between theory and practice.

  Find the optimal production quantities

Find not only the optimal production quantities, but also the optimal total cost.

  Describe the management process

Describe the management process and identify the skills required to manage business organizations.

  Case study : bert''s bonsai and aquatic sport museum

Case Study : Bert's Bonsai and Aquatic Sport Museum Prepare a knowledge management system.

  Knowledge management techniques

Demonstrate understanding of the many-sided nature of knowledge management

  Theory of transtheoretical model

Demonstrate understanding of the many-sided nature of knowledge management

  Write a paper on historical trends of management

Write a paper on Historical Trends of Management.

  Theory of reasoned action

Theory of Planned Behavior and Integrated Behaviors Model

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd