Security Incident Report: Data Breach at Target Corporation

In November and December of 2013, Cybercriminals successfully collected, staged and ultimately exfiltrated "Track 1 and 2" data related to millions of debate and credit cards. While many details remain unclear, a quite a few have emerged.

This Fortinet report will review:

  • what is believed to be publicly known about the incident- how Cybercriminals got in, how they collected the sensitive data and how they ultimately got it out
  • what the ramifications have been, including the resignation of the CIO
  • what security practices should be considered by organizations looking to reduce the likelihood of similar incidents

There has been a lot of speculation about what security products Target Corporation did or did not have in place, as well as what could or should have stopped the breach. This paper stays above the fray and focuses more about what is pretty firmly believed about the attackers' methods as well as the security technologies that should be considered more broadly by organizations seeking to reduce the risk of a breach stemming from sophisticated attacks like this one.