What it is:
A case study analysis of the Target Corporation 2013 data breach, examining how attackers exploited third-party access, weak network segmentation, and inadequate incident response to compromise millions of customer records.
What I did:
Analyzed how attackers gained access through a third-party vendor (HVAC contractor), moved laterally within the network, and deployed point-of-sale malware (BlackPOS) to extract sensitive financial data. Evaluated the organization’s security failures, including lack of network segmentation and failure to act on security alerts, and proposed mitigation strategies such as improved monitoring, segmentation, and security awareness training.
What I learned:
Learned how real-world breaches often result from a combination of technical vulnerabilities and organizational failures. Gained insight into supply chain risks, the importance of network segmentation, and the critical role of timely incident response. Also learned how malware operates within systems to capture sensitive data and how early detection is ineffective without proper action.