-
サマリー
あらすじ・解説
In this episode, the guys chat about how easy it is to go off target with data security and how people are so willing to give up their privacy for a good customer experience. Nico talks about why it's better to come out with problematic information quickly versus holding on to it until you have every detail down. Target got worse before they got better. While that may be unusual, what isn't unusual is that - like most brands, products, and people - no matter what order they did it in, Target still had to fail before they got better. Prior to the early 2010s Target seemed to be making consistent but more or less uneventful accomplishments. After 2013, however, is a different story. Today’s topic - Target data breach in 2010s. What Happened then? Target Canada In 2013, two things happened that caused Target to be subject to a brief and mortifying downfall. One of those things happened to Target while the other was an experiment gone wrong on their end. The smaller and first to happen of those two is Target Canada. In March, 2013, Target opened its first Canadian stores. Sadly, they weren’t meant to last. The expansion into Canada presented Target with a host of problems. The most notable obstacle might be the supply chain issues that resulted in stores with aisles of empty shelves and higher-than-expected retail prices. On January 15, 2015, Target announced that all 133 of its Canadian outlets would be closed and liquidated by the end of the year. The failure of Target Canada certainly didn't help Target by any means. But this failure wouldn’t have hurt them as badly as it did if it weren’t for the timing of their second failure - the one that happened to them. Data Breach Had Target’s 2013 data breach not happened eight months after the company launched its soon-to-be-short-lived subsidiary, it might not have felt like a second punch to the face. On November 27th, 2013, Target started experiencing a data breach. ‘Started to experience a data breach’ because the breach lasted for a total of 19 days - from November 27th (two days before Black Friday) to December 15th. Part of the kicker here is that the breach reportedly went on for 16 of those 19 days before it was even detected. It would be 20 more days after the discovery before Target would notify the public about the breach.Initially, Target believed around 40 million consumer credit and debit card information - including customer names, card number, expiration date, and CVV - had been stolen. In one of their earliest statements, Target claimed consumer PIN data hadn’t been part of the breach. On January 10th, 2014 Target had another announcement to make. They announced that an additional 70 million people had been affected by the breach - bringing the estimated total to about 110 million customers. That wasn’t the only thing Target had to add. They also had to inform the public that on top of credit card information, the stolen customer information included names, mailing addresses, phone numbers, and email addresses. Obviously, there’s a moral of the story here but there’s a technical takeaway too. The most effective way to learn from the latter might be to break down the attack. The anatomy of the attack on Target’s data consists of five different points: preliminary surveycompromise of a third-party vendor or vendorsleveraging Target's vendor-portal accessgaining control of Target serversTarget's point of sale (POS) systems. Yahoo Data Breach After the breach was announced, the biggest public criticism of Target was that they didn't announce the breach sooner. For the customers whose personal information was stolen, that’s a fair criticism but, when looking at data breaches in the 2010s, it doesn’t give Target nearly enough credit. Target is not the only company to experience a data breach in the 2010s (or 2013 alone for that matter) but the 20 days they kept the breach under wraps pales in comparison to how long other com...