LLMpediaThe first transparent, open encyclopedia generated by LLMs

Target data breach (2013)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Information Security Forum Hop 5
Expansion Funnel Raw 58 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted58
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Target data breach (2013)
NameTarget
TypePublic
IndustryRetail
Founded1902
HeadquartersMinneapolis, Minnesota
Key peopleBrian Cornell
RevenueUS$75.4 billion (2013)

Target data breach (2013)

The Target data breach occurred during the 2013 holiday shopping season when electronic payment card data and personal information from millions of customers were exfiltrated from Target Corporation systems, prompting responses from corporate executives, federal agencies, and state authorities. The incident catalyzed discussions among cybersecurity researchers, financial institutions such as Visa and MasterCard, and legislators in the United States Senate and United States House of Representatives about retail security, point-of-sale vulnerabilities, and consumer protection.

Background

In 2013 Target Corporation was among the largest retailers in the United States with extensive operations across the United States and partnerships with payment networks like Visa and MasterCard, suppliers including Neiman Marcus and competitors such as Walmart and Kroger. Prior breaches at companies like TJX Companies and incidents involving malware noted by researchers at Symantec and Kaspersky Lab had established patterns of point-of-sale compromises, while standards bodies including the Payment Card Industry Security Standards Council promulgated the Payment Card Industry Data Security Standard (PCI DSS). Corporate leadership, including CEO Gregg Steinhafel, faced scrutiny as journalists from outlets like The New York Times, The Wall Street Journal, and Bloomberg L.P. reported on security practices, vendor relationships, and third-party access privileges.

Breach timeline

Investigations by entities such as FireEye, Verizon, and the United States Secret Service reconstructed a timeline beginning in late November 2013 when malware appeared on point-of-sale terminals at numerous Target Corporation stores. Initial compromise vectors were traced to vendor credentials associated with a third-party HVAC contractor, while subsequent exfiltration occurred over days into December 2013, impacting card-present transactions during peak seasonal shopping. Public disclosure to the press and regulators followed as reporting by Brian Krebs and coverage on NBC News and CBS News accelerated. Congressional hearings in the United States Senate Committee on Commerce, Science, and Transportation and testimony before the United States House Financial Services Committee occurred in 2014.

Method and scope

Attackers deployed custom point-of-sale malware that intercepted magnetic-stripe data from payment terminals, similar in technique to malware analyzed by firms such as Trustwave and documented in advisories by United States Computer Emergency Readiness Team. The compromise leveraged stolen credentials from a trusted vendor—mirroring supply-chain risks seen in incidents involving SolarWinds and other third-party breach cases—and used outbound channels to transfer data to drop servers, some linked to infrastructure in Eastern Europe and hosted by providers discussed in reports by FBI analysts. Estimates of affected consumers varied: initial counts cited 40 million payment cards, while personal information for up to 70 million individuals, including names, email addresses, and phone numbers, was reported by investigators and consumer advocates such as Consumer Reports.

Detection and response

Security vendor FireEye and monitoring firm Mandiant were among those whose signatures and analyses aided understanding of the malware, but criticism emerged over delayed internal detection by Target's security team and the role of a third-party security provider. Target engaged law enforcement partners including the FBI and the United States Secret Service, worked with payment networks Visa and MasterCard on fraud mitigation, and offered credit monitoring through firms like Experian. Congressional inquiries, led by lawmakers such as Rep. Debbie Wasserman Schultz and Sen. John McCain, scrutinized executive testimony from Gregg Steinhafel and Chief Information Officer Beth Jacob. Retail industry groups including the National Retail Federation issued guidance on incident response and consumer notification.

Impact and consequences

The breach precipitated immediate financial consequences: Target reported losses through increased card-replacement costs, settlements, and a drop in same-store sales during key quarters, affecting stock performance on exchanges like the New York Stock Exchange. Consumer trust erosion benefited competitors such as Walmart in short-term sales comparisons, while payment networks accelerated fraud-monitoring measures. Major banks including JPMorgan Chase and Bank of America advised cardholders and absorbed fraud losses; litigation by affected financial institutions and consumers followed. The incident intensified debates in the United States Congress over data security legislation and prompted municipalities and states including Minnesota and California to consider regulatory responses.

Target faced class-action lawsuits by consumers and consolidated suits by financial institutions; notable settlements involved payment card issuers and state attorneys general, and included multi-party agreements overseen in federal courts such as the United States District Court for the District of Minnesota. In 2015 Target agreed to a settlement providing consumers with card-monitoring services and paid hundreds of millions to banks to resolve claims related to reissuing cards and fraud liability. State attorneys general from jurisdictions including New York and Massachusetts pursued civil penalties and remedial actions, while shareholder derivative suits and investor litigation reflected scrutiny from entities like the Securities and Exchange Commission.

Security reforms and legacy

The breach accelerated adoption of EMV chip-and-PIN and contactless payments across the United States as industry-wide migration plans advanced, influenced by payment providers Visa and MasterCard and terminal manufacturers like Ingenico and Verifone. Retailers increased investment in network segmentation, endpoint detection, and standards compliance promoted by the Payment Card Industry Security Standards Council, with firms such as Symantec, Cisco Systems, and Palo Alto Networks offering solutions. Academic institutions including Carnegie Mellon University and Massachusetts Institute of Technology expanded research on retail cybersecurity, and the incident remains a case study in supply-chain risk, vendor management, and public-private coordination involving agencies such as the Department of Homeland Security and Federal Trade Commission.

Category:2013 in computing