The Massive Data Breach At Target Started On November 27

The massive data breach at Target started on November 27, 2013, and by December Target personnel discovered the breach and notified the U.S. Justice Department. On December 18th, security blogger Brian Krebs broke the story in this post: "Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records," mentioned Krebs. "The sources said the breach appears to have begun on or around Black Friday 2013 -- by far the busiest shopping day the year." (Vijayan, 2014)

The data breach resulted from Target’s failure to segregate systems handling payment card data from the rest of its network (Bertrand, 2014). The attackers gained access to the company’s network with a username and password stolen from Fazio Mechanical Services who provided refrigeration and HVAC systems for them. With just that information alone, the attackers were able to upload malware programs on Target’s Point of Sale (POS) systems.

Target allowed a third party access to its network, and then failed to properly secure that access. The attackers were able to reach the company’s payment systems through third-party credentials; which suggests that proper security was not implemented. Therefore, by segregating Target’s systems and not allowing all parties access to all components of its systems, Target can/could greatly reduce security breaches in the future.

Bertrand, N. (2014, October 20). Here's What Happened To Your Target Data That Was Hacked. Retrieved July 14, 2015.

Vijayan, J. (2014, February 6). Target breach happened because of a basic network segmentation error. Retrieved July 14, 2015.