top of page

Target 2014: Credit Card Breach

  • Writer: Matilda Drummond
    Matilda Drummond
  • Jun 10
  • 2 min read

Updated: Jun 16


Series: 2 Minute Case Studies

Root Cause Themes: Cybersecurity; Supply Chain Management


Summary

In December 2013, Target suffered one of the most infamous data breaches in retail history. While often labeled a cyber attack, the reality is a case study in how supply chain vulnerabilities and operational blind spots create catastrophic failures.


The Impacts

  • The Customer Toll: Hackers stole 40 million credit card records and 70 million pieces of customer PII. Because this dropped right before Christmas, millions of customers and their families faced severe financial anxiety during an already high-stress, high-spending season.


  • Financial & Legal: The immediate breach response, legal fees, and remediation cost Target roughly $162 million. When factoring in the resulting share price drop and long-term reputational damage, the total cost skyrocketed to $1 billion.


Key Causes

  • Supply Chain Exploitation: The attackers didn't breach Target directly. They compromised Fazio Mechanical Services, Target’s HVAC contractor, who only had a free antimalware tool protecting their systems. If you aren't auditing third-party vendor access, your perimeter does not exist.


  • Alert Fatigue and Process Failure: Target actually had 3rd party security monitoring (FireEye) in place. The system worked and flagged the intrusion. However, the organization lacked a solid process for managing false positives. The live alerts were treated as noise and ignored.


Sources

Shinichi Yokohama. (2018). Business Management and Cyber Security: Digital Resiliency for Executives.


Enjoyed this breakdown? Follow for more case studies on how to identify hidden vulnerabilities and protect your organization. Let us know in the comments if there is a specific type of risk you want to know about!


Disclaimer: This is a high-level summary of a complex event with numerous compounding operational and legal variables.


Comments


bottom of page