Warnings (& Lessons) of the 2013 Target Data Breach
The Target data breach was one of the biggest security breaches in history. Target was required to pay an $18.5 million settlement after hackers stole 40 million credit and debit records. But as with many unprecedented security attacks, Target’s data breach came with both warnings and lessons — which are still valid today.
What Happened During the 2013 Target Data Breach?
During the Target breach, cybercriminals were able to steal 40 million credit and debit records and 70 million customer records. This occurred during the holiday season in 2013. While it wasn’t the single largest security breach in history, it was one of the largest. And because there had been many other high-profile data breaches just before, customers were particularly wary.
Target’s data breach highlights one of the major issues that occur after a breach. It isn’t just security disruption, and it isn’t just the cost of the settlement: It’s that customers no longer have faith in the company’s security. After the data breach, customers were worried that their data would be leaked, and so they were hesitant to buy from Target. Similar things have happened to other victims of high-profile data breaches, like Sony PlayStation.
Like many breaches, the attack was focused on Target, but it didn’t go directly through Target’s systems. Rather, the compromise started with a third-party vendor. Third parties are most commonly compromised because they typically aren’t as well secured. Companies need to keep in mind that all their third-party vendors have to be just as secure as their own systems are. Cybersecurity is always a weakest-link proposition.
How Did Target Handle the Data Breach?
Target handled the data breach very well, all things considered. It was able to notify customers about twenty days after the breach occurred, but only four days after it noticed the breach. In the wide spectrum of data breaches, this is very fast. The issue is that the data breach occurred at all. Target could, and should, have been more cautious about its third-party solutions, and there were internal issues that needed to be resolved.
Following the data breach, Target did issue more secure chip-and-PIN cards. It discovered that chips alone weren’t enough to secure many of the cards that had been compromised, although consumers learned a lesson, too: credit cards are much more secure than debit cards. With credit cards, it’s easier to overturn a transaction, and a fraudulent transaction doesn’t leave you without money.
A “chip-and-PIN” card is inherently more secure because it means that someone with just a name, card number, and address usually can’t perform transactions. But that wasn’t an all-around solution. Enough data had been stolen that consumer identities could potentially be compromised, regardless of whether the debit and credit cards were secured. And identity theft can be a much bigger problem than a single compromised card.
What Could Target Have Done Better?
Target had provided a portal through which third-party vendors could access data. Unfortunately, a compromise of this third-party solution made it possible to jump into Target’s own network. If Target had properly segregated its network, it would have been much harder for a cyber-attack of this magnitude to occur.
But realistically, networks are large. Target could have prevented this data breach, but cybercriminals are everywhere and they are persistent. Many companies aren’t just improving their security and closing their gaps but are also investing in cybercrime insurance. This protects them in the event that a data breach does occur.
The Ultimate Cost of the Target Data Breach
The estimated cost of the Target data breach goes well beyond the $18 million settlement. In fact, it’s estimated the company lost over $200 million. Retail data breaches are extraordinarily expensive, but no industry is safe.
Following the holiday season, customers were wary, and news of the data breach swiftly spread. Reportedly, earnings fell 46% for Target following the attack, with far fewer households shopping at Target after the breach. Target had to do work to restore its public reputation.
And that brings us to another lesson learned. Companies should have a disaster preparedness plan regarding security breaches. There should be a strategy in place for companies to restore customer faith and loyalty in the event that the worst occurs. And there should be proactive solutions if a data breach occurs. An MSP can help an organization create this type of plan.
It’s always better to be proactive about your security. Do you think you’re ready to defend against a security breach? With a security audit, you’ll know whether there are gaps in your system to shore up — and what you can do to improve your defenses. Contact us today to find out more.