Home - Article

Featured Article

December 04, 2015

Target's 2013 Data Breach: A Scar That Won't Fade Any Time Soon


Forget the ghosts of Christmas past, present and future from Charles Dickens’ “A Christmas Carol”; the holiday ghouls that business owners and IT administrators alike should be paying close attention to this year for reasons related to cybersecurity could very well be their own employees.

The concept that employees could be the weak link in corporate security rocketed into the national consciousness in 2013, when Target suffered one of the worst data breaches in history after hackers gained access to an employee’s credentials.Now, two years later, the massive incident, which exposed the phone numbers, names, mail addresses, email addresses and payment card data of about 70 million customers, still haunts corporate America.

How did the breach occur? Reports about the breach may have led you to believe the Target security vulnerability was its point-of-sale (PoS) system. The truth, however, is that this was merely the site from which the hackers obtained the sensitive information.

The real portal to the criminal break-in originated with an employee associated with Target.

As explained in a recent ZDNet article, the breach actually stemmed from a successful phishing attempt aimed at an employee for one of Target’s third-party vendors, Fazio Mechanical, by password-stealing bot Citadel. Citadel gained the Fazio employee’s authentication credentials, hacked into Target’s network and commandeered its servers. This is what opened the door for an easy series of attacks against the company’s in-store PoS system.

As you can see, Target’s vendor was responsible for the data breach, yet Target will forever have to bear the infamy of the incident.

This case is a stark reminder that data breaches can easily result from user errors, such as when employees click on harmful links, open virus-laden email attachments or respond to a phishing email with personal information. Therefore, end users must receive proper training to avoid putting an entire organization at risk.

With this in mind, remember that cyberattackers will be out in full force this holiday season. So consider this a warning from the Ghost of Christmas Present to train your employees how to stay safe online.

Click here to learn more about how Apex Technology Services can assist with its dedicated cybersecurity training program.


 





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!