Autopsy of a Data Breach: The Target Case

8,00 $50,00 $

CASE STUDY. This case revisits the events in late 2013 that gave rise to what was at the time the largest breach of confidential data in history. Indeed, on December 19, 2013, Target announced that its computer network had been infiltrated by cybercriminals who stole 40 million debit and credit card numbers as well as the personal information of some 70 million additional customers.

Pour acheter une License d'enseignement, vous devez vous enregistrer et être approuvé par notre administration.

Description

Abstract

This case revisits the events in late 2013 that gave rise to what was at the time the largest breach of confidential data in history. Indeed, on December 19, 2013, Target announced that its computer network had been infiltrated by cybercriminals who stole 40 million debit and credit card numbers as well as the personal information of some 70 million additional customers. The case presents the cybercriminals’ activities leading up to the breach, details of the commission of the theft, the measures that Target had put in place to deter such attacks, its ill-fated response during the attack and, finally, the impact of the breach on Target as well as on the retail industry as a whole. This case is also available in French here.

Teaching objectives

The case allows students to:

  1. familiarize themselves with the basic vocabulary related to information security;
  2. understand how threats can materialize, resulting in a major data breach (approaches and actors);
  3. identify the vulnerabilities of a business (by analyzing and understanding the different sources of risk);
  4. become aware of the fact that humans continue to be the weak link in the chain of information security;
  5. understand the principal control measures a business can deploy to protect itself;
  6. identify and understand the specific issues raised by information security, notably in a digital business environment.

Main themes covered

  • Information security
  • credit cards
  • controls
  • vulnerability of an organization

Concepts and theories related to the case

Risk management: risk sources and controls in an IT environment

Additional information

Teaching notes are available for professors. Contact HEC Montreal Case Centre.

Information complémentaire

Année

Annexe

Éditeur

Format

Industrie

, , , ,

Institution

Langue

Licence

,

Nombre de pages

Notes pédagogiques

Numéro centre de cas

Parution

Taille

Avis

Il n’y pas encore d’avis.

Soyez le premier à laisser votre avis sur “Autopsy of a Data Breach: The Target Case”