Breaking the Target: An Analysis of Target Data Breach and Lessons Learned
Xiaokui Shu, Ke Tian, Andrew Ciambrone, Danfeng Yao

TL;DR
This paper analyzes the Target data breach, examining the attack steps, the malware involved, and the legal implications, and proposes security improvements and best practices to prevent similar incidents.
Contribution
It provides a detailed analysis of the Target breach, introduces security guidelines, and discusses legal aspects, offering practical lessons for cybersecurity enhancements.
Findings
Detailed attack and malware analysis
Proposed security guidelines for merchants
Best practices for credit card security
Abstract
This paper investigates and examines the events leading up to the second most devastating data breach in history: the attack on the Target Corporation. It includes a thorough step-by-step analysis of this attack and a comprehensive anatomy of the malware named BlackPOS. Also, this paper provides insight into the legal aspect of cybercrimes, along with a prosecution and sentence example of the well-known TJX case. Furthermore, we point out an urgent need for improving security mechanisms in existing systems of merchants and propose three security guidelines and defenses. Credit card security is discussed at the end of the paper with several best practices given to customers to hide their card information in purchase transactions.
Taxonomy
Topics: Advanced Malware Detection Techniques · User Authentication and Security Systems · Security and Verification in Computing
