Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Target Security Breach Case Analysis

No description

Chey Peterson

on 6 November 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Target Security Breach Case Analysis

Target Credit Card
Security Breach

Initial Response
Target Stores
Second largest theft of credit card details in American history
Black Friday & Christmas Shoppers
2nd Largest Discount Retailer in the US
40 million
70 million more
Personal Information
Mailing Adresses
Phone Numbers
Credit Card Information
Encrypted PINs
Customers Names

Credit and Debit Card Numbers
Card Expiration Dates
Embedded code on the magnetic strip
Biggest Shopping Days of the Year
110 million
Expect More?
November 27th, 2013 - January 10th, 2014
Conner, Kelly, Stephen C. Brokaw, and Kristy McManus. "Post-Crisis Communication in a Technology Driven Environment: Target Data Breach Analysis."

Haynes, Jeff. "Social Media Crisis Communication: Lessons From Target's Data Breach."
9 June 2014. Web. 5 Nov. 2014. <http://www.buchananpr.com/2014/06/fixing-data-breach-pr>.

Lee, Thomas. "Target Strives to Patch Its Image after Huge Data Security Breach."
Star Tribune.
25 Dec. 2013. Web. 5 Nov. 2014. <http://www.startribune.com/business/237207491.html>.

Stout, Hilary. "To Regain Trust, Target Must Do More, Crisis Experts Say." The New York Times.
The New York Times
, 10 Jan. 2014. Web. 5 Nov. 2014.

Tipton, Stephen, and Young Choi. "The Target Security Breach: A Case Study." (2014).
Response After Second Breach
Made a pledge to invest $5 million in cybersecurity education for stakeholders
Offered Target guests 10% off their purchases, the weekend following the initial breach
Offered all Target shoppers a year of free credit monitoring to ensure security of their credit cards and avoid identity theft
Jan. 10,
: Target says an additional 70 million customers have been affected. Totaling 110 million customers compromised
Jan 13th: CEO Steinhafel offers apology in full newspaper ad
Feb. 4th: CFO John Mulligan testifies before the U.S. Senate Judiciary Committee, stating Target invested hundreds of millions in data security & rejects claims its systems weren’t up to par
May 5th: Bob DeRodes, a former tech adviser in several federal government agencies, takes over as Target’s chief information officer. Target CEO Gregg Steinhafel resigns.
Dec. 13,
: Target exes meet with the U.S. Justice Dept
Dec. 14: Target hires a third-party forensics team to investigate the hack.
Dec. 15: Target confirms that criminals had infiltrated its system... Target removes malware from "virtually all" registers in U.S. stores. The public remains unaware of the data breach.
Dec. 18: Security blogger Brian Krebs, of KrebsOnSecurity, first reports the data breach. The Secret Service investigates.
Dec. 19: Target publicly acknowledges the breach on defense. The CEO, Gregg Steinhafel stated, “We regret an inconvenience this may cause.”
Further Response
with Material Actions
Response ultimately meant well
Material compensation was well developed
Investment in future security research, shopper discount, and credit card fraud watch
Better prepared for the second security breach in January and therefore more transparent
Created a new security position, a new chief information officer, Bob DeRodes
Ultimately the CEO Gregg Steinhafel resigned
Efforts were a too little too late - never want to be on the defense.
Could have expressed more sympathy within their social media and internet channels
Unprepared for overwhelming tweets, posts & calls
Made false assurances - minimized the actual effects the breach had on security and the encrypted pins
Press releases & videos on website from CEO were sales-y and superficial
Ultimately further upset more people
Utilized overly positive wording and "happy" speak too soon when customers were still panicked and feeling compromised
Target leadership’s biggest flaw: they stayed silent when they should have broken the story themselves and over-communicated
Now fewer will believe when they do speak
Do not make false assurances
Report bad news as quickly and efficiently as possible
Balance the "happy" and "straight" talk
Appoint a strong, genuine public face for Target
Be ready to communicate & accommodate worried customers and stakeholders
Explain why the narrative keeps changing on extent of the breach
In Crisis
Should have implemented more pre-crisis tactics by:
Listening to their emergency response systems (they were notified early in November but assumed it was a malfunction)
Identifying vulnerabilities
Formulated key genuine messages
Gathered information on credit card security
Know what is being said about your organization on the internet
simple detection could save time and $$
Give stronger consideration to social media personality
Aligned themselves with other organizations who were also targeted immediately upon association to establish control and share responsibility
(Neiman Marcus & Home Depot)
Post Crisis
Update stakeholders on their organization security investment and the future measures to prevent these massive security breaches
Offer shoppers discount again this 2014 holiday season, as a thank you for returning
Extend another year of free credit card watching to anyone who received fraud in the past year due to breach
Measure impact evaluation, with specific and general measures, to rebuild, understand, and learn from the crisis wholly
Media Headlines
Full transcript