Target Breach (2013)

Published: 19 October 2020

Breach Summary

Target were breached in 2013. The story was initially broken by Brian Krebs in a post published on 18 December 2013 and titled “Sources: Target investigating Data Breach”[1]. This was followed up by a statement from Target announcing the breach on 19 December[16]. The target confirmation stated the breach lasted between November 27 and December 15.

The breach was achieved through first compromising Target’s HVAC vendor, Fazio Mechanical[4][9][11][14]. This was achieved through a phishing email[10] which deployed malware which targeted credentials. These credentials were then used to access Target’s network.

The statement from Target announced that approximately 40 million payment cards had been stolen[16]. The next day (20 December), the CEO released a message titled “a message from CEO Gregg Steinhafel about Target’s payment card issues”[2], stated that the stolen data included names, payment card number, expiration date, and CVV. It recommended customers consider contacting companies like Equifax to arrange a “security freeze” on their credit. In a press release of the same name[3], Steinhafel offered customers a 10% discount if they shop in Target stores on December 21 or 22.

On the same day as the CEOs statement, Krebs released another article detailing that he believed payment cards were being sold in “card shops” online and that this had been confirmed by a fraud analyst at a major bank[17]. Interestingly he added that “a fraud analyst at a major bank who said his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts”.

On December 27, it was announced[5] that encrypted card PIN numbers were accessed by the attackers. On January 10 2014 Target announced that 70 million person records were accessed during the breach[6][7], including names, mailing addresses, phones numbers, and email addresses. This was followed by layoffs of 475 employees on 22 January[15].

26 March 2014, Target CFO John Mulligan is questioned in a Senate Hearing [13]. The hearing was to discuss a Senate Report[12] titled “A ‘Kill Chain’ Analysis of the 2013 Target Data Breach.” Which detailed information about the malware used, such as stating the McAfee Director of Threat Intelligence considered the malware “absolutely unsophisticated and uninteresting” whilst the Director of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, described the same malware as “incredibly sophisticated.”

On 5 May, in a statement from Target’s Board of Directors, it was announced that the CEO, Gregg Steinhafel, had resigned[8]. Steinhafel was a 35-year veteran of the company. As an interim replacement the CFO, John Mulligan, took up the position of CEO. Mulligan held this position until August 2014 before taking the Chief Operating Officer position, handing the CEO position to Brian Cornell.

10 March 2015, Target lays off another 1,700 employees and left an additional 1,400 position vacant[18].

Breach Timeline

10 March 2015Target lays off another 1,700 employees and left an additional 1,400 position vacant.
27 November 2013 Approximate start of breach
18 December 2013Brian Krebs breaks the story
19 December 2013 Target releases a statement announcing the breach
20 December 2013 CEO releases a message detailing what data was accessed
20 December 2013Krebs reports on payment cards being sold online from the breach
27 December 2013Announcement that encrypted PINs were accessed
10 January 2014 Target announced 70 million personal records were accessed during the breach
22 January 2014 Target lays off 475 employees and leaves 700 additional positions vacant
26 March 2014 Target’s CFO, John Mulligan, questioned in Senate Hearing
5 May 2014 Target’s CEO resigned. John Milligan takes interim-CEO position
10 March 2015 Target lays off 1,700 employees and leaves 1,400 additional positions vacant

References

  1. https://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
  2. https://corporate.target.com/article/2013/12/important-notice-unauthorized-access-to-payment-ca
  3. https://corporate.target.com/press/releases/2013/12/a-message-from-ceo-gregg-steinhafel-about-targets
  4. https://www.wsj.com/articles/target-breach-began-with-contractor8217s-electronic-billing-link-1391731112
  5. https://www.ft.com/content/51db6e2c-6f2f-11e3-9ac9-00144feabdc0
  6. https://www.forbes.com/sites/maggiemcgrath/2014/01/10/target-data-breach-spilled-info-on-as-many-as-70-million-customers/#6b73e0dbe795
  7. https://corporate.target.com/press/releases/2014/01/target-provides-update-on-data-breach-and-financia
  8. https://corporate.target.com/press/releases/2014/05/statement-from-targets-board-of-directors
  9. https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
  10. https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
  11. https://web.archive.org/web/20160925225642/http://faziomechanical.com/Target-Breach-Statement.pdf
  12. https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/files/external/Target_Kill_Chain_Analysis_FINAL.pdf
  13. https://www.databreachtoday.com/senate-report-analyzes-target-breach-a-6677
  14. https://www.wsj.com/articles/holder-confirms-doj-is-investigating-target-data-breach-1391012641?tesla=y
  15. https://eu.usatoday.com/story/money/business/2014/01/22/target-layoffs/4778267/
  16. https://corporate.target.com/press/releases/2013/12/target-confirms-unauthorized-access-to-payment-car
  17. https://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
  18. http://www.startribune.com/target-layoffs-will-hit-1-700-with-another-1-400-jobs-going-unfilled/295752841/