...Cyber Attacks and Security: The Problem and The Solution Shamika A. Woumnm BIS/221 February 16, 2015 Gregorio Chavarria Cyber Attacks and Security: The Problem and The Solution In December of 2013, Target reported that up to 70 million customers worldwide were affected by a major security breach. It was reported that thieves stole massive amounts of credit and debit card information during the holiday season which also swept up names, addresses and phone numbers of their customers, information that could put victims at greater risk for identity theft. The Problem The Target breach is ranked as one of the worst ever. During the peak of the holiday season that year Target said that up to 40 million customers’ credit/debit card information had been stolen from people who shopped in their stores from November 27 to December 15. That following Friday that’s when another 70 million customers were affected, some of who, might have had their personal information compromised as well. Cyber criminals gained access to the computers entity and steered the information to a server in Eastern Europe to eventually sell on the black market card. According to the press, there when the two automatic intrutions alerts and installations of malware took place within the software and computer systems they were neither detected nor identified by the company. When there are security breach’s within a company it has a major effect on the company’s revenue...
Words: 558 - Pages: 3
...Security Breach Madeleisy Molerio HCS/533 December 1, 2014 KYM PFRANK Security Breach Patient medical records privacy and security is the most essential parts of the St. Johns Hospital program of behavior, the hospital take satisfaction in the complete policies and actions that are set to preserve patient privacy. Each worker is apprehended to an extreme standard of upholding the maximum level of confidentiality and privacy when is refer to patient health data. This document will make a summary of the strategy that St. John’s hospital has produced in a circumstance of a security breach or security risk in the service. The administration in the St. John’s Hospital have lately been informed that employees has perceived some of the cleaning person are browsing correspondence that was dropped in the Data Systems (DS) department, this has occurred on many occasions. The cleaning personnel is given by an outside company and are not hire directly by workers of St. John’s Hospital, which creates the security breach a little more dangerous. Workers have been trained to challenge the cleaning personnel if they eyewitness something similar like this, however a lot of the employee would prefer to have an affiliate of supervision to challenge the personnel. The employee in the DS department have been educated on what moves to proceeds when are conducting PHD and private data, nevertheless it appears that some of the employees are acting negligent when succeeding the guidelines...
Words: 1647 - Pages: 7
...Network Security Darren Jackson NTC/411 April 18, 2013 Dennis Williams Network Security White Lodging Security Breach In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a “suspected” breach of point-of-sale systems at 10 locations. Banking sources back in February 2015 stated that the cards compromised in this most recent incident looked like they were stolen from many of the same White Lodging locations implicated in the 2014 breach, including hotels across the country. Those sources said the compromises appear once again to be tied to hacked cash registers at food and beverage establishments within the White Lodging run hotels. The sources said the fraudulent card charges that stemmed from the breach ranged from mid-September 2014 to January 2015. White Lodging president and CEO, Hospitality Management, Dave Sibley stated in a press release issued April 8, 2015 that “after suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services. These security measures were unable to stop the current...
Words: 933 - Pages: 4
...Running header: IPAD’S SECURITY BREACH iPad’s Security Breach The Business Enterprise- BUS 508 May 28, 2011 IPAD’S SECURITY BREACH Abstract Across the globe AT&T is known as the world’s leading integrated companies-applying innovative technologies to discover, develop and complete construction of the first transcontinental broadband-communications network. This paper will investigate and discuss some of the major issues involving Apple’s security breach. First determine if hacking into a website is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. We will create a corporate ethics statement for a computer security firm that would allow or even encourage activities like hacking. Secondly discuss if it is important for organizations like Gawker Media to be socially responsible; determine what factors CEOs should consider when responding to a security breach. Lastly, create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue IPAD’S SECURITY BREACH Determine if hacking into a website is ever justifiable, applying your theory to a real-world case in which someone hacked into a system, including the name of the company and details. According to Bosker (2010), recently, private information of iPad owners have been exposed through a security breach that has brought major...
Words: 1991 - Pages: 8
...iPad’s Security Breach Samantha Phillips Dr. Prakash G. Menon BUS 508: The Business Enterprise May 29, 2011 Justifying Hacking into a Web site In 2010, McDonald’s said that customer information was exposed after a security breach involving an email marketing managing firm. McDonald’s released a statement explaining that information was obtained by an “unauthorized third party”, but added that financial information and social security numbers were not part of the data accidentally exposed. (Security Magazine, 2010) A security breach exposed iPad owners including dozens of CEOs, military officials, and top politicians. They, and every other buyer of the cellular-enabled tablet, were vulnerable to spam marketing and malicious hacking. The breach, which came just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. In fact, it is believed 114,000 user accounts were compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. (Tate, 2010) Earlier this year, the names and e-mails of customers of Citigroup Inc. and other large U.S. companies...
Words: 3288 - Pages: 14
...iPad’s Security Breach Zul-Jalaal Abdullah Strayer University Shelby Oaks campus Business Enterprise-508 April 21, 2011 Dr. Carolyn Tippett Discuss Goatse Security firm possible objective when they hacked into AT&T’s Website. Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the iPAD sim card was entered. (Arrington, 2010, para. 2). An invalid number returned nothing, a valid number returned a customer email address. Goatse created a script and quickly downloaded 114,000 customer emails. It was then turned over to Gawker, after, they say, AT&T was notified and the vulnerability was closed (Arrington, 2010, para. 2). Gawker published some of the data with the emails removed. Stated Goatse: “All data was gathered from a public web server with no password, accessible by anyone on the Internet. There was no breach, intrusion, or penetration, by any means of the word. ”(Arrington, 2010, para. 2). AT&T is characterizing the incident as “unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service (Arrington, 2010, para. 3). ”We don’t see much hacking here, and we don’t see anything really malicious (Arrington, 2010, para. 3). AT&T was effectively publishing the information on the open...
Words: 1778 - Pages: 8
...Case Analysis Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in handling IT security? 3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How did a smart and profitable retail organization get into this kind of situation? Case Analysis Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for TJX in handling IT security? 3. Was TJX a victim of ingenious cyber crooks or did it create risk by cutting corners? How did a smart and profitable retail organization get into this kind of situation? Case Analysis Questions for Security Breach at TJX 1. What are the (a) people, (b) work process and (c) technology failure points that require attention? Discuss each of the three issues in detail. 2. Provide a set of recommendations that can be used to improve and strengthen TJX’s IT security. What should be the short term priorities and long term plans for...
Words: 785 - Pages: 4
...Overview This case analysis report is about the IT security problems that Owen Richel, the Chief Security Officer of TJX should consider to improve by analyzing some security issues that TJX had faced during the 2005-2007 database intrusion. As technology advances, companies are facing some challenges regarding information privacy. “Information privacy concerns the legal right or general expectation of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others.” (Lecture notes) One of the privacy problems includes unauthorized access, which violates the laws and company’s policies, can limit a person to access to his/her personal information, and threaten the company’s legitimacy in its interactions with its stakeholders. In this case, TJX experienced an information security breach, caused over 94 million of payment cards at risk, and paid $158 million for damages and losses. This serious problem was recognized by Owen and thus case discussion is carried out as follows. Stakeholders & Preferences Some of the important stakeholders are customers, financial institutions, vendors and distributors, shareholders, and the management and employees. The most important stakeholder is the customers that TJX has been long serving with because they are the very first group of people who were affected by the intrusion. It was the customers’ debit and credit cards information that were stolen which...
Words: 1948 - Pages: 8
...Security Breach at TJX 1. Identify & describe the failure points in TJX's security that requires attention (including, but not limited to: People, Work Process, and Technology)? After analyzing the Ivey case on TJX data fiasco, I would say there were three major failure points that caused this $168MM financial hit to the corporation. * Technology: it is obvious that TJX had several technology deficiencies mainly driven by systems limitations and vulnerability. For example, inadequate wireless network security allowed the hackers to attack specific stores just by using a laptop and an antenna which permitted the thieves access to the central database. As it was mentioned in the business case, TJX was using (WEP) as the security protocol and it is well-known in the e-commerce arena that WEP encryption can be deciphered in less than one minute which makes it very unreliable and risky for business transactions. Last but not least, TJX failed to encrypt customer data. * Auditors: it is concerning that TJX passed a PCI DSS check up and that non auditor noticed the technology issues TJX was facing. * Executives at TJX: It is evident that the company wasn’t in compliance with the Payment Card Industry (PCI) standards. Primarily, the person in charge of the IT department should have been on top of ensuring TJX to be in compliance, by setting expectations and objectives pertained to security within its organization. In addition to the head of IT, I...
Words: 826 - Pages: 4
...Name: Sampson Amoako Mensah Course: CSC-781 Instructor: Dr. Yen-Hung (Frank) Hu Topic: Target Security Breach Case Study Abstract This paper identifies the issues that cause the Target’s security breach, its also discusses the events that lead to the breach, identifies potential causes of this events, who was affected and how consumers reacted, the extent of the breach, and provide ways to address this events in addition to addressing risk management and data recovery for future occurrence. An Overview of the Breach In the days prior to Thanksgiving 2013, a malware was installed, on Target’s security and payment system, designed to steal credit cards that comes across the system. This malware targeted all the 1,797 stores own by target in the United States. The malware was coded, to pick up credit cards that were swiped at the register and stored on a server controlled by the hackers. Federal enforcement officials contacted Target on December 12, to alert them of the breach, target responded in three days to confirm the breach, Target reported about 40 million credit cards were stolen, about 70 million of personal records were also stolen. Events Leading to Breach Businessweek reports that hackers used the credentials of an HVAC vendor to get into Targets network, and spent several weeks installing the malware. hackers then sent the malware to the 1,797 stores owned by Target and got them installed on cashier stations, the malicious codes, will...
Words: 588 - Pages: 3
...IPad’s Security Breach Hacking is one of the things that most people worry about. There is sometimes a need to share personal information to different companies and people for different reasons. Hacking is a way for others to steal, share and use personal information that does not belong to them. It is defined as the use of computer and network resources as a means of obtaining information illegally. Hacking is considered as a felony in the United States (Sabadash, V. 2004). In recent years, people have become more conscious of whom, where and when they provide personal information because they know there is a chance that their information may be taken and used without their permission. When using the internet and other sources, many choose to use secured sites or sites that they trust will protect and keep their personal information private. Although companies usually take all necessary precautions in order to keep their clients information private, there are sometimes flaws in their systems and things may be overlooked. There are many examples of weaknesses with the prevention efforts and some of them are as follows: old software or software that has not been patched, default passwords that are poorly chosen, disabled security controls and web servers with poor configuration, just to name a few (Sabadash, V. 2004). With this assignment, I have reviewed some information regarding the security breach of Apple/AT & T’s IPad. The information has influenced my...
Words: 1664 - Pages: 7
...Question 1 TJX is the parent company of popular off-price retailers like TJ Maxx and Marshalls. Based in Framingham, Massachusetts, TJX has over 2,400 stores worldwide and earned US$17.4 billion in sales during the 2007 fiscal period. On December 18th, 2007, TJX discovered that it fell victim to one of the largest data theft cases in American history. Approximately 94 million credit and debit cardholders were affected by the attack. The American Secret Service and FBI had to investigate the breach and TJX lost millions of dollars in the following years due to class-action lawsuits and investigation costs. This report will analyze the causes of TJX’s IT security weaknesses and provide recommendations on what the company should do in the short-term and long-term to ensure something like this never happens again. Question 2 Management – TJX’s management needs to move fast and implement better IT security measures to prevent an attack like this from ever happening again. They must accomplish this while balancing lawsuits from credit card companies & customers and ongoing federal investigations while still managing day-to-day operations. TJX has already booked a provision of $168 million related to the attack and does not want to suffer any more financial loss. It also needs to regain customer confidence, which is crucial to maintaining its market leadership and sales. Customers – TJX’s customers have lost confidence in the company’s ability to store its sensitive...
Words: 2721 - Pages: 11
...Sony Play Station Security Breach It is almost impossible to find the top reasons why most security breaches happen on a secure network compromising hundreds to thousands of users’ personal information. To protect a network and thoroughly secure confidential information, one has to examine the top vulnerabilities and think outside of the normal box to protect it. When a security breach happens, there is usually a pretty simple reason why it has happened. I will discuss one of the highly publicized security breaches to happen in years, the Sony PlayStation Network & Qriocity music and video service, what caused the breach and how this could have been prevented. On April 27, 2011 more than 70 million customers of Sony’s PlayStation Network and Qriocity music service received a disturbing email saying that everything the company knew about them including where they live, when they were born, their logins and passwords, and possibly more information had been hacked into. On May 2, 1011, a week later, a second security breach occurred on a different Sony network. The Sony Online Entertainment Networks was targeted and compromised 24.6 million users. Of that number, 12.3 million had their credit card information stolen. Lastly 2,500 user’s names and addresses were leaked from the electronics division of Sony creating a third incident. A total of three security breaches in three weeks amounted in over 100 million users having their personal information stolen makes customers’...
Words: 584 - Pages: 3
...IPad Security Breach Kimberly Parker Dr. Brenda Harper The Business Enterprise- BUS 508 Strayer University May 25, 2011 Hacking a Website A group of expert hackers breached Eidos Montreal website which disclosed information of more than 25,000 email addresses along with more than some 350 resumes dated May 13, 2011. The details of the incident were reported by the company as "Square Enix who could verify that several hackers gained entry to portions of Eidosmontreal.com website along with several of the merchandise locations. Our company immediately removed the sites to further investigate the incident of what other information had been compromised. After a lengthy and thorough investigation, our company began to take the necessary precaution to safeguard the safety of these and of all our websites, before permitting the sites to go on-line again"(Square enix confirms data lifted in website raids • the register ). Nonetheless, data related with online e-commerce transactions and credit cards was available but not associated with the website. Similarly, many applicants have applied for recent job openings at the studio, their resumes were also stolen, revealing educational background, home address and contact numbers. However, the organization claimed that only email addresses were stolen. The businesses did however, verified that individual email addresses were also taken. However, the organization...
Words: 1946 - Pages: 8
...Target Security Breach COM/295 May 17, 2015 Target Security Breach During the 2013 holiday season, hackers infiltrated Targets computer network. With nothing but the wrong doing in their plans, the hackers were able to breach the mainframe and install a malware system that would allow them access to everyone that purchased at Target. Riley (2014) states, the malware, would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers. Target's ethical obligation was to try and investigate all damages caused by the breach to their mainframe. Unfortunately, it seems they were more preoccupied with supplying the public with research on internal procedures as oppose to admitting their failure to respond expeditiously. FireEye (FEYE) which is a fail-safe, was put in place for Targets security system. FEye would inform Bangalore (security specialists for Targets security system in Minneapolis), and Bangalore alerted the corporate team. Nothing was done to avoid the disaster that would be (Riley, 2014). Sadly we'll never get to the bottom of why the flags were ignored in the first place. CEO, Gregg Steinhafel, was interviewed by a CNBC reporter regarding the data breach mishap. The interview took place practically one month after the incident occurred. In my opinion, the interview was useless and unrevealing. "At best, Steinhafel offered a partial explanation of...
Words: 461 - Pages: 2
