Analyse Recent Retail Chain Breach of Security - Paper Example

In the year 2014, June 10th, the Target reported that personal information of Target was stolen in a data breach that was widespread during one of the holiday seasons. This breach affected approximately 110 million people. The theft and offense are one of the largest that has ever happened (Harris & Perlroth, 2014). The hackers managed to take broad trove of data and the information included email addresses, names, phone numbers, and other critical information like information recorded during interactions when shopping and the volunteering phone numbers on call centers. The company made the information public, and the customers flooded the help lines as they expressed fear and frustration in the social media. The sales declined in the same year due to the security breach experienced by the company.

Cause of the breach

The main cause of the breach was as a result of the hacking. This was noticed by the Easy Solutions as it tried to track fraud and noticed more than ten fraud increases in the number of a number of the stolen credit cards sold on the black market. The company management came forth to apologize for its mistakes in broadening violation of the privacy of the customers. The attackers steal the information on customers identity in phishing attack where the attackers send tailored emails to the victims asking them to download an attachment that once opened, affords the attackers an opportunity into the employers network.

The Targets system was attacked twice by the hackers. The company maintains that it had protected the payment information of the customers with data encryption stored on a separate system. The company had used 3 DES system of encryption, though a good and robust protection, sometimes it is susceptible to brute force attack. The hackers managed to bypass the 3DES encryption by the use of brute force attack and this exposed millions of the passwords to breach. However, it is not clear whether the subsequent attack on the 70 million customer information was encrypted. Similarly, part of the vulnerabilities of the system included the fact that customers use the point-of-sale systems where they swipe their credit cards and the very cards are connected to the corporate network. This is a significant opportunity to compromise the system as the hackers used this weakness also to access the system.

Resolution

There is a need for appropriate education to the employees on how to deal with some specific issues when using the computers. The employees ought to be careful when using the emails and generally when surfing on the web. It is indeed uncommon for an unsuspecting employee to click or download an attachment or a link and this is how viruses and people end up accessing the system. Similarly, firewalls are a must for any organization (Chaturvedi & Agarwal, 2015). The company should have secure firewalls to protect the network by controlling internet traffic getting into the business network. Additionally, the organization should ensure that the customer information is kept secure in encrypted data using the highest security standard.

The customers need to frequently monitor and check their credit cards. The customers can set up some day where they check their status, the amount and any breach that might have occurred. In case anything is suspect, the customers should immediately report for a determination from the authorized purchases.

References

A. HARRIS, B., & PERLROTH, N. (2014). For Target, the Breach Numbers Grow. The New York Times.

Chaturvedi& Agarwal, M. (2015). Forestalling Against Data Breaching. International Journal of Engineering and Computer Science.