Anatomy of the Target Breach
June 2014 - It is now known that the initial Target breach was traced back to network credentials stolen from Target’s HVAC subcontractor, which has worked at a number of locations at Target and other top retailers. It’s not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.
Timeline: Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading their card-stealing malicious software to a small number of cash registers within Target stores.
Those same sources said the attackers used this time to test that their point-of-sale malware was working as designed.
By the end of the month — just two days later — the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions, investigators told this reporter. Target has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.