This report discusses the major data breach incidents at Heartland Payment Systems and Target Stores, analyzing the vulnerabilities, responsibilities, and mitigation strategies. It provides insights into the impact of these breaches on customer data and suggests risk mitigation techniques for organizations.
Running head: DATA BREACH OF 21ST CENTURY

Data Breach of 21st Century

Name of the student:
Name of the university:
Author Note:
Executive Summary

This report deals with the security data breaches that happened recently at Heartland Payment Systems and Target Stores. It analyzes these data breach incidents and provides assessments for the stated organizations. It also suggests some risk mitigation strategies that organizations of this type can adopt to restrict such incidents.
Table of Contents

1. Introduction
2. Data Breach at various organizations
2.1 Heartland Payment Systems
2.1.1 How the attack occurred
2.1.2 Vulnerabilities faced
2.1.3 Responsibility and reason of target
2.1.4 Was it avoidable?
2.1.5 Can Cyber Insurance mitigate the risk
2.2 Target Stores
2.2.1 How the attack occurred
2.2.2 Vulnerabilities faced
2.2.3 Responsibility and reason of target
2.2.4 Was it avoidable?
2.2.5 Can Cyber Insurance mitigate the risk
3. Similarities and Dissimilarities in the above organizations
4. Mitigation techniques for future
5. Conclusion
6. References
1. Introduction

A data breach is an incident in which information or data is stolen or accessed without proper authorization from the administrator or the system's owner. Such incidents can affect large-scale as well as small-scale organizations. The stolen data is typically proprietary, sensitive or confidential, such as customers' personal information, credit card numbers, trade secrets and national security matters (Cheng, Liu and Yao, 2017). A data breach causes great damage to an organization through data loss or unauthorized access to data. This report deals with two big data breach incidents that happened in the 21st century. Both of the stated data breach incidents are said to have affected more than 200 million customers. These two incidents had adverse impacts on customers, whose credit card information was compromised.

2. Data Breach at various organizations

2.1 Heartland Payment Systems

This organization processes payments for different customers and provides users with different technologies. The organization started providing services in 1997 and has its headquarters at Edmond, Oklahoma. Heartland Payment Systems serves its customers by processing their payments, and provides services to more than 275000 businesses (Sretenović et al., 2016). These businesses are mostly small to mid-level retailers all over the country. The organization processes a maximum of 11 million transactions daily, and the total cost of these transactions comes to $80 billion over the year. Moreover, the organization also developed payroll-processing systems, school payment systems, mobile payments and many more diversified payment-processing services that users can use to ease their transactions.

In 2009, the company announced that it had suffered disruptions in the network of its payment processing servers. The company reported a security breach in which it came across transactions in users' accounts that seemed suspicious. At the time of the security breach, the organization reported that it was processing transactions for about 100 million credit cards (Opderbeck, 2015). The details of these cards were exposed in the breach, and access to the card information was leaked to the unauthorized parties behind it. The breach was carried out by stealing the information encoded in the magnetic stripes on the back of debit and credit cards. The persons associated with the breach counterfeited users' debit or credit cards by imprinting the data present on them: the same information was fabricated onto other cards, which the persons involved in the breach then used for their personal purposes. A report on this data breach stated that more than 650 financial service organizations were affected and that their data was compromised (Scanio and Glasgow, 2015). Hence, this attack is recorded as one of the largest criminal security breaches of recent times, focused mainly on information about the users whose payments were processed by Heartland Payment Systems. Following this security breach, the organization had to repay its customers' losses, which amounted to approximately $140 million in penalties.
This data breach exposed customers' credit cards through the injection of SQL code that installed spyware in the network systems of Heartland Payment Systems (Huq, 2015). With this security breach, the data of many customers was compromised, resulting in a huge economic loss. As a consequence of the breach, Heartland Payment Systems was deemed out of compliance with PCI DSS (Payment Card Industry Data Security Standard). This non-compliance restricted Heartland Payment Systems from processing payments with the major credit card service providers. The organization also reported an estimate of about $145 billion as compensation for the fraudulent transactions.

2.1.1 How the attack occurred

The attack occurred at the organization in the security department, via the injection of malicious SQL code infected with spyware, which created the breach and harmed customer information. This spyware easily affected the organization's network server, resulting in the theft of users' credit and debit card numbers.

2.1.2 Vulnerabilities faced

The main vulnerability the organization faced in this breach is that the personal information of its customers was exposed to the hackers. This vulnerability caused the organization many problems with the hackers in relation to its customers.

2.1.3 Responsibility and reason of target

Responsibility for the breach is said to lie with the security department, which is in charge of the security of customer information as well as the organization's network structure (Sharkey, 2016).
The main reason this organization was an easy target for the hackers is that its network security was so loose that it could be breached easily. For this reason alone, the hackers were attracted to breaching this organization.

2.1.4 Was it avoidable?

It was possible for the organization to prevent this security breach. This could have been done by implementing enhanced security measures in the organization's server systems.

2.1.5 Can Cyber Insurance mitigate the risk

For this type of security breach, where very high financial stakes are involved, Cyber Insurance would have been a possible way of mitigating the risks (Kosseff, 2017). The organization should have adopted Cyber Insurance to mitigate this kind of security breach.

2.2 Target Stores

Target Stores first opened its store on May 1, 1962, at Roseville, Minnesota. The aim of the organization was to add features to the traditional departmental stores then present in the country. The organization aims to offer consumers of departmental stores lower prices on products as well as discounts on the products available in the stores (Plachkinova and Maurer, 2018). The main purpose of the organization is to achieve the goals it has set in terms of services, retail goods and the overall experience of users of the departmental stores.

In 2013, Target Stores suffered a security breach that affected 70 million customers of the Target systems. A group of security journalists first reported this breach; the organization confirmed it with an announcement soon after the report. In this security breach customer information was compromised, affecting the information of about 110 million customers (McMullen, Sanchez and Reilly-Allen, 2016). The affected information included customers' full names, physical and email addresses, telephone numbers and payment transaction information consisting of debit and credit card data. With the information compromised, customers faced many issues, with money being deducted from their bank accounts and their personal information being harmed. The organization estimated the cost of the breach at around $162 billion (Li et al., 2016).

This security breach happened because a group of hackers intentionally accessed the organization's network database via a third-party HVAC vendor and reached its POS (point-of-sale) systems, which gave access to the card readers used by customers to make payments at the departmental stores (In, 2015). Through this breach, the group of hackers collected a maximum of 40 million debit and credit card numbers. With these card numbers, the group of hackers started stealing money from the customers' accounts.

2.2.1 How the attack occurred

The attack occurred at this organization in the security department, via a third-party HVAC vendor with a path to the organization's POS, causing the breach of customer information. This party affected the organization's network server, resulting in the theft of users' credit and debit card numbers; their personal information was also breached.

2.2.2 Vulnerabilities faced

The vulnerability the organization faced in this breach is that the personal information of its customers, and also of the distributors that supply products to the organization, was exposed to the hackers. This vulnerability caused the organization many problems related to the overall information and data associated with it.

2.2.3 Responsibility and reason of target

Responsibility for this breach is said to lie with the third party, which is directly associated with the organization and has full access to the customer information held by the organization. The main reason this organization was an easy target for the hackers is that customer information was very openly exposed in its network structure. For this reason, the hackers were attracted to breaching this organization (Pigni et al., 2018).

2.2.4 Was it avoidable?

It was possible for the organization to prevent this security breach. This could have been done by implementing enhanced security measures in the database where customer information is stored.

2.2.5 Can Cyber Insurance mitigate the risk

For this type of security breach, where very high financial stakes are involved, Cyber Insurance would have been a possible way of mitigating the risks (Loza de Siles, 2015). The organization should have adopted Cyber Insurance to mitigate this kind of security breach.

3. Similarities and Dissimilarities in the above organizations

Both organizations dealt with a huge amount of customer personal data, which led the hackers to choose them as targets for these security breaches. Moreover, in both cases the security measures adopted by the organization were very easy for the hackers to break in order to access the user database from the network of the
company (Karanja and Rosso, 2017). The paths taken by the hackers to breach the security of the two organizations were different, but the motive was very similar in both cases. Hence, it can be said that the primary reason these organizations became targets for the hackers is that both companies had a large customer base, and this customer base meant more customer details that the hackers could easily obtain. Credit and debit card information was very easily handed over to the hackers because of the cheap security measures both organizations used to secure their customers' personal information (Soomro, Shah and Ahmed, 2016). The transaction gateway was also not advanced enough to restrict the hackers from breaching it.

Both organizations should have made more financial investment in the security features of their network environments. Both companies should have set up a special team for risk mitigation techniques covering the issues that can arise in the organization. These teams would have been provided with all the high-quality features and equipment that can help the organization mitigate the risks that are occurring or will occur in the organization. Further, both organizations should have enhanced their payment processing systems to prevent breaches of the kind that happened. The company should learn from other companies in the market dealing with the same domains how they protect their networks from such security breaches (Schatz and Bashroush, 2016). In this context, Heartland Payment Systems should take advice from the security agencies that other organizations use to protect themselves from such security breaches.
The advice that can be given to the board of Heartland Payment Systems is that the management team should have the capability of anticipating such security breaches and if they could not anticipate such situations prior to the occurrence. The most important advice that I would like to give the organization is that the equipment associated with the security features of the organization should be of enhanced quality and must be able to perform restrictive measures against the security breaches that can happen in the organization (Alliance, 2015).

4. Mitigation techniques for future

The above organizations should adopt some methodologies to restrict this kind of security breach in the near future. The methodologies for mitigating such risks are stated below:

End-to-End Encryption: Organizations that deal with huge volumes of payment transactions, like the companies above, should use end-to-end encryption for their payment procedures. This type of encryption is implemented to assure that transactions are performed securely both on the participants' side and on the server side. The encryption should be done in the plastic card itself. Both organizations should have used this methodology to restrict this kind of security breach in the future.

Tokenization: This technology uses tokens, or random numbers, that are generated by the system itself and are used in place of the physical card data (Hunter, 2019). With this technology the hackers could not easily breach the actual data that the card possesses. The hackers will receive only the data that the physical card is carrying, not the actual data held by the server systems regarding the customer information.

Chip Technology: This technology can be embedded directly in the computer systems where users' data or information is kept (Kasiyanto, 2016). It will enhance the user experience and can restrict the hackers from breaching customers' data.
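
The tokenization technique described above, as an added example that is not part of the original report: a minimal in-memory token vault in Python, showing that a copy of the merchant-side table contains no card numbers. The class and function names, the service name and the sample card numbers are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed test card numbers (well-known Luhn-valid test values, not real accounts).
SAMPLE_PANS = ["4111111111111111", "5555555555554444", "4111111111111111"]
AUTHORIZED_CALLERS = {"settlement-service"}  # hypothetical service name


def luhn_ok(number: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    digits = [int(d) for d in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


class TokenVault:
    """Isolated tokenization service: the only component that ever stores a PAN."""

    def __init__(self) -> None:
        self._index_key = secrets.token_bytes(32)  # keyed lookup index, stays in the vault
        self._pan_by_token: dict[str, str] = {}
        self._token_by_index: dict[bytes, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        index = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        if index in self._token_by_index:  # same card always maps to the same token
            return self._token_by_index[index]
        while True:
            # Random digits carry no information about the PAN; the last four
            # are kept for receipts. Tokens that pass Luhn are rejected so a
            # token can never be mistaken for (or collide with) a real PAN.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._pan_by_token and not luhn_ok(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_index[index] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        if caller not in AUTHORIZED_CALLERS:
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]


def record_sales(vault: TokenVault, pans: list[str]) -> list[dict]:
    """Merchant-side store: rows hold tokens only, never the card number."""
    return [{"order": n, "card": vault.tokenize(p)} for n, p in enumerate(pans, 1)]


def pans_exposed_by_dump(merchant_rows: list[dict], real_pans: list[str]) -> set[str]:
    """What an intruder who copies the merchant table learns about real PANs."""
    dumped = {row["card"] for row in merchant_rows}
    return dumped & set(real_pans)


if __name__ == "__main__":
    vault = TokenVault()
    rows = record_sales(vault, SAMPLE_PANS)
    print(rows)
    print("PANs exposed by merchant dump:", pans_exposed_by_dump(rows, SAMPLE_PANS))
    print(vault.detokenize(rows[0]["card"], "settlement-service"))
```

The protection holds only as long as the vault is isolated from the systems that store tokens; an intruder who reaches the vault itself still reaches the card numbers.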
Moreover, the mitigation techniques stated above can be used by the above organizations to restrict hackers from breaching customers' data (Shu et al., 2017). These solutions are innovative technologies which, once applied in these organizations, will lower the chances of the data being hacked or of any security breach occurring.

5. Conclusion

Thus, this report gives a brief idea of the security breaches at two well-known organizations, Heartland Payment Systems and Target Stores. The reasons for the security breaches, how they occurred, their after-effects and the future mitigation strategies are described in the project. It can be concluded that similar organizations should take this report as an example for mitigating such situations and prevent their data from being breached in the manner that the above organizations recorded in the past.
6. References

Alliance, S.C., 2015. Technologies for Payment Fraud Prevention: EMV, Encryption, and Tokenization. Last accessed on, 15.

Cheng, L., Liu, F. and Yao, D.D., 2017. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).

Hunter, D., 2019. Data Breach Impacts on Companies and Their Consumers.

Huq, N., 2015. Follow the data: Analyzing breaches by industry. TrendLabs Research Paper.

In, M.S., 2015. Target says up to 70 million more customers were hit by December data breach.

Karanja, E. and Rosso, M.A., 2017. The chief information security officer: An exploratory study. Journal of International Technology and Information Management, 26(2), pp.23-47.

Kasiyanto, S., 2016. End-to-end encryption in on-line payment systems: The industry reluctance and the role of laws. IANUS 2015–MODULO JEAN MONNET, 2015(Jean Monnet Modul), pp.99-126.

Kosseff, J., 2017. Defining Cybersecurity Law. Iowa L. Rev., 103, p.985.

Li, T., Paja, E., Mylopoulos, J., Horkoff, J. and Beckers, K., 2016, June. Security attack analysis using attack patterns. In 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS) (pp. 1-13). IEEE.

Loza de Siles, E., 2015. Cyber Security and Cybercrime. Landslide, 8, p.6.

McMullen, D.A., Sanchez, M.H. and Reilly-Allen, M.O., 2016. Target security: a case study of how hackers hit the jackpot at the expense of customers. Review of Business & Finance Studies, 7(2), pp.41-50.

Opderbeck, D.W., 2015. Cybersecurity, Data Breaches, and the Economic Loss Doctrine in the Payment Card Industry. Md. L. Rev., 75, p.935.

Pigni, F., Bartosiak, M., Piccoli, G. and Ives, B., 2018. Targeting Target with a 100 million dollar data breach. Journal of Information Technology Teaching Cases, 8(1), pp.9-23.

Plachkinova, M. and Maurer, C., 2018. Teaching case: Security breach at Target. Journal of Information Systems Education, 29(1), p.11.

Scanio, S. and Glasgow, J.W., 2015. Payment Card Fraud, Data Breaches, and Emerging Payment Technologies. Fidelity Law Journal, 21.

Schatz, D. and Bashroush, R., 2016. The impact of repeated data breach events on organisations’ market value. Information & Computer Security, 24(1), pp.73-92.

Sharkey, C.M., 2016. Can Data Breach Claims Survive the Economic Loss Rule. DePaul L. Rev., 66, p.339.

Shu, X., Tian, K., Ciambrone, A. and Yao, D., 2017. Breaking the target: An analysis of target data breach and lessons learned. arXiv preprint arXiv:1701.04940.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Sretenović, M.B., Petković, J., Jovanović, B. and Nauka, F.O., 2016. Prevention of fraud in electronic payment systems. ICT AND MANAGEMENT 754, p.778.