Description
The case must address data privacy, hacking, and it should also address an ethical situation as this is an ethical analysis assignment. Individuals with identified names must be involved and specific data should be identified for the case.
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
please check this one and let me know if we need more edits. Feel free to ask me any question.
Student Name:
Student ID #:
Case Study Name: A Case Study of Data Breach in Target Corporation (one of the largest
retailers in the United States)
Part 1 – Describing the Mess
It was in the year 2013 when Target corporation - one of the largest retailers in the
United States – was hit by a massive, extensive and historical cyber-attack. Private credit cards’
information belonging to 40 million of its customers was jeopardized. The company was hacked
by breaking into their serve (suggestively via one of their vendors), as the hackers stole
customer’s credit card information. Since the hackers were now in the Target’s network
infrastructure, implanted in their server, they planted malware on Target’s payment system in
order to have a gateway to extract customer’s data right from that location. The malware was
programmed automatically send data to three different staging points in the United States
between 10.a.m and 6.p.m. Central-Standard-Time. At this time, traffic from the regularworking-hours could submerge the outbound data traffic created by the malware. (Elgin, Matlack
& Riley). The attack was thought to have occurred at the month of November closed to end, but
an official pubic statement was made public at the middle of December by the Target,
presumably, after the U.S. Federal authorities gave them information about the attack. Moreover,
just before Christmas festival, Target made another confirmation of an attack affecting 70
million customers, costing the company around $200 million; and an extra $100 million
investment meant for revamping their systems in matters cybersecurity and for installing a “chipand-pin” technology. Following the attack, ethical motives took its course: a response plan and
procedures for cybersecurity was rolled down in the days that followed the attack. Around 100
lawsuits were also filed, as its CEO resultantly resigned during that time. (Clark) Gregg
Steinhafel, the CEO then, resigned in May 2014, paving way for the hire of a new CEO. The
Chief Information Officer was also replaced.
Part 1 – Separating the Parts
Actually, before the attack, Target had put in place a new program for their cybersecurity
in the name of FireEye – a program globally used by government agencies. FireEye is effective
when it comes to the detection of sophisticated malware. It was reported that the FireEye
program detected server anomalies in Target’s system, but the security team failed to respond
immediately. Lack of communication between the company management and the cybersecurity
team provided an easy path of success for the hacking. (Elgin, Matlack & Riley).
Therefore, from the stakeholder’s perspective, the technology powered by the FireEye
program was tasked with the malware’s detective control measures, whereas both the
cybersecurity and the company’s management were tasked with corrective and/or preventive
measures, in the contextcyber security controls.
The U. S. Federal authorities too had to get involved in order for Target’s management
authority to finally confirm their imminent loss in matters cyber security.
Part 3- The Ethical “Threshing Floor”
In this case of Target’s data breach, we can relate to both Utilitarianism and Kantian
Ethics; as well as virtue ethics to make ethical analyses. To mention, Utilitari...