Casehero

The marketplace for case solutions.

Autopsy of a Data Breach: The Target Case – Case Solution

"Autopsy of a Data Breach: The Target Case" case study looks into the sequence of events that led to the largest breach of confidential data in history when cybercriminals stole 40 million debit and credit card numbers and other personal information of millions of customers.

​Line Dube
Harvard Business Review (HEC130-HCB-ENG)
March 01, 2016

Case questions answered:

  1. Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.
  2. What lessons can be learned from Target, and how can these lessons be leveraged by risk managers in other organizations?
  3. In your own words, explain the concept of Operational Risk as it relates specifically to technology.
  4. Define and explain the key attributes of the IMF’s measures to strengthen resilience to cyber risk.
  5. How would you apply the IMF framework relating to measures to strengthen resilience to cyber risk in the Target case?

Not the questions you were looking for? Submit your own questions & get answers.

Autopsy of a Data Breach: The Target Case Case Answers

Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.

The data breach at Target partly came from the failure of the retailers to appropriately separate the systems dealing with sensitive payment card data from the rest of the network.

Hackers broke into the network of the retailers through the use of login identifications, which were taken from a heating, ventilation, and air conditioning organization working for Target in several places (Sidel & Dan, 2013).

The attackers got access given by the Fazio credentials to undertake activities on the Target network undetected and also upload malware programs on the POS systems of the company. They managed to steal data meant for about 40 million credit and debit cards.

The company seemed to have allowed third-party access to its networks, but it failed to appropriately secure access to the systems.

Target gave Fazio access, but it should have segmented its networks to make sure that Fazio or any other person does not have access to the payment systems (Sidel & Dan, 2013).

What lessons can be learned from Target, and how can these lessons be leveraged by risk managers in other organizations?

Target data breaches can be considered as a watershed activity that puts the spotlight on the security of security cards. Several lessons are learned from the Target data breach, and these should be seriously considered by managers in any organization.

To begin with, one of the lessons is that…

Unlock Case Solution Now!

Get instant access to this case solution with a simple, one-time payment ($24.90).

After purchase:

  • You'll be redirected to the full case solution.
  • You will receive an access link to the solution via email.
By clicking "Buy Now" or PayPal, you agree to our Terms of Use, Arbitration and Class Action Waiver Agreement and Privacy Policy.
Testimonial Best decision to get my homework done faster!
Michael
MBA student, Boston

FAQ

How do I get access?

Upon purchase, you are forwarded to the full solution and also receive access via email.


Is it safe to pay?

Yes! We use Paypal and Stripe as our secure payment providers of choice.


What is Casehero?

We are the marketplace for case solutions - created by students, for students.