Turn back the clock to late last year. At the height of the holiday season, between November 27 and December 15, hackers certainly gave new meaning to the term “hit the bull’s-eye!”
Cybercriminals toyed with retail giant Target, known for the circular red and white logo that symbolizes its name. Information from 40 million guest debit and credit card accounts was stolen – or so it was thought. The initial estimate, already among the largest in U.S. corporate history, turned out to be a fraction of the total. Today, it ranges from 70 million to 110 million, depending on reports.
Particularly alarming is the ease with which hackers accessed customers’ data at the in-store level: They swiped it off the cards’ magnetic strips during the check-out process. According to the New York Times:
“The stolen data was then lifted and stored on an infected server inside Target, awaiting an order from the criminals. The coding was easily manipulated so that it could receive instructions from its handlers in real-time, changing at their command.”
Making matters worse for the second-largest U.S. retailer – which operates 1,797 stores in the United States – is that it was not only recent customers whose financial data was compromised. Data for shoppers dating back a decade was also taken in the cyberattack. Target dealt with a 46% drop in fourth-quarter net profit and paid $61 million in breach-related costs, according to Reuters. And on March 5, Chief Information Officer Beth Jacob resigned.
The fallout was indeed fast and furious.
The data breach “took the wind out of Target’s sails – and unfortunately sales,” Sandy Skrovan, U.S. Research Director at Planet Retail, told Reuters.
The breach also created quite a ripple effect of havoc. The Target breach cost credit unions $30.6 million, and they have reissued roughly 4.6 million credit and debit cards, according to updated figures from the Credit Union National Association (CUNA). On average, the cost computes to $5.68 per affected card. Moreover, costs incurred by credit unions is likely to continue for some time, as it’s unclear how many future fraud issues will arise from the Target attack.
How might a similar scenario affect a small to mid-sized business? Have a look at this GFI eBook. And keep in mind that Target ranks No. 36 on the list of Fortune 500 companies, according to CNN Money. Financially, it can survive this IT security nightmare. A data breach of this severity, albeit on a small business scale, would cripple most companies. Managing a network – particularly for an IT staff whose time and resources are limited – is a tremendous challenge.
Working with solutions that automate storage and analysis of business data is a smart way to keep savvy cybercriminals at bay.