Target Hack: The Problem with Loose Security

Written by Sterling Gardner

March 10, 2022

Last week, we talked about the infamous Target hack of 2013. If you haven’t read my previous blog post yet, do that now! It gives some context to what we’ll talk about today. We’re going to talk about 3 security issues that allowed this hack to be so detrimental, and buckle up, because only one of them is Target’s fault.

First, hackers were able to steal login credentials from Fazio Mechanical Services (the HVAC company). Whether the hackers gained the credentials through phishing, brute force password guessing, or malware, FMS’s information was vulnerable.

Second, Target’s systems were not properly segmented or secured. Even if the HVAC company processed payments with Target, there should have been protections that stopped contractors from accessing Target’s entire payment system.

Third, the compromised companies that were used as drop locations for the stolen information were not being properly monitored or protected. Criminal activity should never go undetected in a system.

At every step of the way, there were failings in cybersecurity that made this massive breach possible. Next week, we’ll talk about what we’ve learned from this incident and how it could have been protected against.

Sign Up for Our Monthly Newsletter

Our monthly newsletters keep you up-to-date on the world of technology. Each month, we feature a letter from Charles, an article about current technology, and an introduction to one of our team members. Sign up below to receive them, free of charge or obligation, every month.

Fill out my online form.

Skip to content