The 2013 Target data breach is a permanent and important reference point in hacking history. According to the Forbes and The Associated Press news releases last week, Target has estimated their hacking losses at $148 million, minus a $38 million insurance receivable (about 11 cents a share). Still being calculated are the damages to Target’s reputation, profits, and a host of lawsuits, not to mention the negative impact the breach has had on Target’s expansion into Canada. Yet, as one of the ten largest retail chains in the U.S., Target has the financial strength and resources to recover, and that — is where our focus belongs.
What measures did Target take, and continues to take, to shore up Target’s security banks — to eliminate the possibility of any future security breaches? Well, quite a few: Target names Brad Maiorino senior vice president, chief information security officer; Target appoints new chief information officer, Bob DeRodes; Target joins Financial Services Information Sharing & Analysis Center; and Target invests $5 million in cybersecurity coalition, not to mention the decommissioning of vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols. Although stained with spilt milk, the details contained in these measures are the road map and costs for others to learn from, budget for, and follow.
Since the initial confirmation of the data breach, Target has shared that there has been an active investigation. During that time, we’ve taken significant actions to further strengthen security across the network. Some of these enhancements include:
Enhancing monitoring and logging: We’ve implemented additional rules, alerts, centralized log feeds and enabled additional logging capabilities.
Installation of application whitelisting point-of-sale systems: This includes deployment to all registers, point-of-sale servers and development of whitelisting rules.
Implementation of enhanced segmentation: We’ve developed of point-of-sale management tools, reviewed and streamlined network firewall rules and developed a comprehensive firewall governance process.
Reviewing and limiting vendor access: We’ve decommissioned vendor access to the server impacted in the breach and disabled select vendor access points including FTP and telnet protocols.
Enhanced security of accounts: We coordinated a reset of 445,000 Target team member and contractor passwords, broadened the use of two-factor authentication, expanded password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developed additional training related to password rotation.
Visit Target.com/databreach to learn more about our information technology transformation.