Consumer protection
Task one: Details of Target Data Breach
Days before Thanksgiving Day, someone managed to install malware in the payment and security systems of Target. The malware was designed to take the credit card number of each client who used any of the 1797 stores in the United States. The malware installation occurred on 30th November 2013, a Saturday, when the attackers’ only remaining task was to plan the route through which the stolen data would escape. However, while the hackers were uploading the exfiltration malware that would move the data to the US staging point to cover tracks, followed by Target computers in Russia, FireEye not only spotted the activity but also reported it to the security team in Minneapolis from November 30 to December 2, although this has not yet been revealed by Target (Riley, Elgin and Lawrence 7).
Despite the report on the breach, there was no reaction from Target until mid-December, when the US Department of Justice notified them. According to Rosenblum (4), the belief has been that the hack occurred at the company’s point of sale (POS) system, but the truth was that the hackers had even roamed across Target’s network of servers searching for information such as email addresses.
This reveals that they had access to the company’s firewalls through port 80, where they managed to convince the firewall that they were bad software and should be allowed into the system. Another loophole in the security system of retail shops is the lack of unity against organized retail crime (ORC) due to increased cyber security incidents (Rosenblum 7).
Steps taken by Target afterwards
According to Riley, Elgin and Lawrence (6), Target’s Chief Executive Officer Gregg Steinhafel said the company is conducting an end-to-end review of its employees, technology and processes with the aim of understanding the company’s opportunities to improve data security.
The company is also committed to learning from the experience and has already begun an overhaul of its information security structure, given that FireEye has an option to detect and delete malware without human intervention, which had been turned off.
Target is also in the process of accelerating its transition to chip-enabled cards. Additionally, Leger (n.p.) highlights that Target is moving from REDcards that used magnetic strips to Chip and PIN technology, or smart cards. The advantage with Chip and PIN technology is that it is not at all easy to change software and deploy it.
Task two: One year free credit monitoring services
During Target’s data breach, the personal information of over 70 million customers was breached. In return, the company has offered one year of free credit monitoring to its customers.
Like Fottrell (1), I agree that the proposed free credit monitoring using “ProtectMyID” is not sufficient action, especially when it comes to regaining the confidence of its customers. Target needs to understand that the harm caused by the breach is the loss of customer confidence and trust. In this regard, offering the free service will cut two ways: it will be good news to some, but for others it will simply not be sufficient to help them recover what they lost. Additionally, Fottrell (3) highlights that although alerts will be sent, they do not identify whether the card has been used by an authorized or unauthorized person.
In this case, sending an alert of use would not be of any significance, given that monitoring will only focus on changes to the credit report. Further, it is worth realizing that the customers whose personal information was stolen are at risk of phishing in the form of text messages, calls and emails which appear to offer them protection while their intention is to obtain more personal information.
The next big question is what happens after one year to those whose personal information has been taken from them (Fottrell 4). The end of the monitoring period does not mean that the hackers will stop using their details maliciously after one year. One year of credit monitoring therefore becomes insufficient.
Task three: Federal Government’s adoption of standard measure
I do agree with the federal government that companies should comply with a uniform federal standard that requires them to immediately report instances of electronic personal information theft (Leger).
The government supports curbing cyber crime through the introduction of smart cards fitted with computer chips rather than magnetic strips. Additionally, companies are required to offer information about a breach to customers in the shortest time possible. This move will enable customers to be aware of their vulnerability to identity theft or other harm. So far, retailers have not taken any relevant measures to protect their clients’ personal information from cyber insecurity. As a result, there is no rule or requirement that all retailers operate under for purposes of preventing cyber insecurity issues.
With a federal data security and breach notification law in place, it will be possible to simplify businesses’ compliance, hence promoting consumer protection. In my opinion, having a centralized form of breach control is a good measure for ensuring that companies as large as Target, with clients in every state in the United States, receive the right breach information at the right time. Centralization does not restrict companies from having other internal measures to curb cyber insecurity. On the contrary, it offers a central source of power to act in preventing harm to clients in decentralized locations throughout the nation and the world.
This way, it is possible to act fast in preventing unreasonable harm from befalling innocent users by raising reliable and valid awareness. Again, new technology being released to curb breaches is very expensive, and most businesses cannot afford it, which then paves the way for uniform federal standards which are mandatory.
Works Cited
Fottrell, Quentin. Credit monitoring won’t help Target breach victims: The services won’t stop many types of fraud. 17 January 2014. 18 April 2014.
Leger, Donna Leinwand. Obama administration seeks tougher cyber-security law. 11 February 2014. 18 April 2014.
Riley, Michael, et al. Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. 13 March 2014. 18 April 2014.
Rosenblum, Paula. The Target Data Breach Is Becoming A Nightmare. 17 January 2014.