Target Data Breach
Intermediate
2013

Target: Retail Giant POS
Impact: Massive Retail Compromise

Operational Briefing

How a simple HVAC vendor compromise led to the theft of 40 million credit card numbers during the holiday shopping season.

The Full Story

During the 2013 holiday season, Target suffered a massive data breach. Hackers stole 40 million credit and debit card records and 70 million customer records.

Technical Analysis

The Chain

  • Entry: Stolen credentials from a third-party HVAC vendor (Fazio Mechanical).
  • Pivot: Moved from vendor portal to billing system, then laterally to the POS network.
  • Malware: Installed 'BlackPOS' RAM-scraping malware on point-of-sale terminals to capture card data before encryption.
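
The pivot step above is the point where network segmentation should have stopped the chain. As an added example (not part of the original page), this audits firewall flow logs for permitted traffic that crosses zones outside an allow-list; the zone CIDRs, the policy, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumed zone layout; the CIDRs are constructed for this example.
ZONES = {
    "vendor_portal": ipaddress.ip_network("10.10.0.0/24"),
    "billing": ipaddress.ip_network("10.20.0.0/24"),
    "pos": ipaddress.ip_network("10.30.0.0/16"),
}
# Hypothetical policy: the only cross-zone flows the business needs.
ALLOWED = {
    ("vendor_portal", "billing", 443),  # vendors submit invoices over HTTPS
    ("pos", "billing", 443),            # stores report sales upstream
}
LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                  r"dport=(?P<dport>\d+) action=(?P<action>\w+)")

# Constructed firewall flow log lines (not real data).
SAMPLE_LOG = """\
2024-01-01T02:10:00Z src=10.10.0.5 dst=10.20.0.15 dport=443 action=allow
2024-01-01T02:14:07Z src=10.10.0.5 dst=10.20.0.15 dport=445 action=allow
2024-01-01T02:20:31Z src=10.20.0.15 dst=10.30.4.21 dport=445 action=allow
2024-01-01T02:21:02Z src=10.20.0.15 dst=10.30.4.22 dport=445 action=deny
2024-01-01T02:30:00Z src=10.30.4.21 dst=10.30.4.22 dport=8080 action=allow
malformed line
"""


def zone_of(addr):
    """Return the zone name containing addr, or 'unknown'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    return next((name for name, net in ZONES.items() if ip in net), "unknown")


def audit(log_text):
    """Return permitted cross-zone flows that the policy does not allow."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m or m["action"] != "allow":
            continue  # skip unparsable lines and traffic the firewall dropped
        src, dst, port = zone_of(m["src"]), zone_of(m["dst"]), int(m["dport"])
        if src == dst or (src, dst, port) in ALLOWED:
            continue  # intra-zone traffic or an approved business flow
        # Anything reaching the POS zone from outside it is the worst case.
        findings.append((m["ts"], src, dst, port, "critical" if dst == "pos" else "high"))
    return findings
```

On the constructed sample, `audit(SAMPLE_LOG)` reports two flows: the vendor portal reaching billing on a port outside the policy, and billing reaching the POS zone.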

Event Timeline

  • Nov 2013: Attackers compromise HVAC vendor credentials.
  • Nov 27, 2013: Malware installed on POS systems.
  • Dec 15, 2013: Target begins disabling malware.
  • Dec 19, 2013: Target publicly confirms breach.

Tags: POS Malware, Lateral Movement, Vendor Risk