Thursday, February 20, 2014

Target: Costly Security Breach (2013)

Controversy
Target Corp. logo
Target was hit hard during the 2013 holiday season. Their system was breached and allowed hackers access to nearly seventy million peoples credit and debit card information. This security breach is one of the largest ever seen. They targeted the magnetic strip on the back of the cards as they were swiped during purchases at Target, allowing them to store a huge database of peoples personal information. Obtained from the cards alone was the person's name, card number, expiration date, and the CVV or security code on the back. They would be able to sell of this information to people via the underground market to make counterfeit functioning credit cards. Also after getting their hands on this personal information hackers could find their addresses and phone numbers as well putting people at an even greater risk of identity theft. These large American retail superstores have become the prime target for hackers. They are well behind the rest of the major countries in security retail purchases. How could this be possible? Arguably the most advanced and powerful country is falling behind technologically.
The truth of the matter is this huge retail industry is reluctant to change its credit card security and has had little incentive to do so. There seems to be too many too many negatives and obstacles to change over to the Chip and Pin payment systems. These more advanced and secure Chip and Pin systems have already been in operation over seas for some time now. How these newer cards work is they now have built in chip chip that is read by the machine rather than the previous magnetic strip. Along with this unique chip the cardholder must enter a pin just like one would do using a debit card. The extremely important factor these cards bring to the table beyond what was previous listed is that the information that would previously be visible is immediately encrypted leaving hackers and unfortunately for the retailers as well with no access to this information. This Chip and Pin method was efficient over in England decreasing their credit card fraud by thirty four percent. That is a pretty good incentive right there, is it not?
Target is one of America's most popular shopping places

The system currently in place not only by Target is cheap and quick. It keeps the lines moving fast, this convenience for stores came at the cost of poor security measures and lack of privacy for the consumers. The stores may seem foolish in this light but it is actually more beneficial to them. They are able to collect your personal information and with a few questions like, "may i have your zip code and email please?". Which customers are more than willing to fork over and the company is able to boost their marketing giving them up to sixty percent higher returns. It seems absurd for them dump this off in order to increase their security measures. The retail and bank industries claim they are both ready to make the big move over to chip and pin credit cards. If both these industries are more than willing to do so, then what is the wait for? Its all one huge game of cat and mouse. They are constantly waiting on one another to implement the system first. Being such a risky and expensive move, if they do not make the leap together someone is going to get hosed.
So ultimately this was bound to happen to one of the retail stores because they are all playing with fire. Target had drawn the short end of the straw so to speak. Where did they go wrong? Everyone else was doing it so why did this happen to them? Who Hacked Target? Targets computer security staff had brought to the attention of the cooperation that their were certain vulnerabilities in their current system. This was done at least two months earlier then the fallout that occurred. Their is evidence to suggest that one security analyst from the Minneapolis Target, which is the main headquarters, claimed that he urged further security review of the system. However this was simply looked over by the upper management. This all happened during the time Target was updating their payment terminals, was short staffed in their IT department and was coming up on the 2013 holiday season, the most profitable time of the year. The hackers were able to bypass Targets security through a HVAC contractor Fazio Mechanical Services access. This contracting services was connected through Targets system because of the maintenance they had been doing for them. They were linked in the networks for billings and contracts. Once the hacker had found an entry it is easy for him to move around undetected.
Target has issued several apologies and compensation for the consumers that were effected by the situation. Their stock had dropped more than one percent and their projected losses for the year is two and a half percent. Around fifty three lawsuits have been filed against the cooperation since the breach. Target is working diligently to make up for their mistake and is looking to take all recommended security measures. The main stakeholders are Target, their shareholders, and the customers that had their personal information stolen.

Analyzing this case with the four main ethical theories, Individualism, Utilitarianism, Kantianism and Virtue theory Target's actions will be seen as ethical or not. Based upon this particular situation Target acted unethically according to all the theory's.

Individualism
Brian Cornell, CEO of Target Corp.

Individualism states that the main goal of a business is to maximize profit for the stakeholders. Approaching Target's case from an Individualist perspective Target was acting to maximize profit. However in doing so the actually lead to their own demise. They chose to keep the current credit card system because it was cheaper and more efficient, this helped boost their profits. Entering the 2013 holiday target was right on track to make an enormous amount of money. So at first Target was acting with in the ethical bounds of an individualist, however it did not turn out this way. Targets overall profits dropped over two percent after the security breach. This is not ideal their shareholders and all the costumers were left uneasy and lacking confidence in the company. Targets stocks dropped a whole one percent directly after the incident. So in the end Target did not act ethically because even tho maximizing their profits was the intention they failed to do so.

Utilitarianism
Utilitarianism main intent is to make everyone happy and wants to do so for the over all good. Target more than clearly would be found to be unethical in the eyes Utilitarianism theory. They accomplished the polar opposite of bringing happiness to everyone and acting in the interest of the overall good. Target had upwards of fifty three lawsuits filed against them and growing. There are millions of unhappy customers who had their information stolen and put at a great risk of identity theft. Target was not making everyone happy but rather just themselves. When doing so they put their cooperation a jeopardy and during such and important time of the year. Cyber criminals hit the jackpot recovering over 70 million different cards number and information. Target was unethical in their decisions but their actions post disaster were in the best interest of the over all good and to make everyone happy. However this was only the aftermath trying to make the best of a bad situation.

Kantianism
A brief timeline of how the hackers broke into Target's Network

Kantianism is based upon making rational decisions and allowing others to do the same for themselves. There is no lying or deceit of any kind and the use of people without their rational consent. Never treating the situation as mere means but rather always as an end. Target was not unaware that updating their terminals left them vulnerable. They simply chose to ignore the risks because the holiday season was upon us and the could not bear to slow down to check every little warning now. It was full steam ahead and they acted with the customers as mere means. Even though head intelligence analyst spoke out about the faults in the system and how it should be reviewed, they chose to brush it off the table. It was not worth their time for they had one goal in their sites and that was to make a killing during the 2013 holidays. This is unethical because they were willing to circumvent the rational consent of the customers using the faulty credit card machines. Target new they could be faulty but allowed the consumers to swipe the cards anyways without any warning. This is seen as impermissible by a Kant because the people need to be given the necessary knowledge to act on their own rational being. Their is no way Target could be seen as ethical from a Kant's perspective because their was a clear violation for their motive for maxim.

Virtue Theory
Virtue Theory focuses on four main characteristics, courage, honesty, self control and fairness. A business must act with the interest of these characteristics in mind. They must be willing to take a stand for the right ideas and actions. Honest in agreements, treatment of employees and with customers. Expectations and desires must be with in reason. Finally they must work hard, produce quality, have good ideas and fair in their practices. Target was not courageous in their actions they merely conformed with the nominal security system they new had its faults. They did act with in reason however because it was not unusual for a company to be using this system in the United States. Nothing seemed out of the ordinary to consumers or cashiers because they were still using the same old equipment that they were used to. This was not fair to the costumers how ever and has never been fair. Target exploits the breach of private information themselves to make a much larger and more efficient marketing scheme. They are more than happy to disclose the personal information that comes up when a credit or debit card is swiped. A Virtue Theorist would see Target as unethical for this course of action and unfair.


References

Kratsas, Gabrielle. "Reports: Target warned before data breach." USA Today. USATODAY, 18 Feb. 2014. Web. 20 Feb. 2014. http://www.usatoday.com/story/money/business/2014/02/14/target-warned-breach/5494911/.

Pagliery, Jose. "Why retailers aren't protecting you from hackers." CNNMoney. Cable News Network, 18 Feb. 2014. Web. 18 Feb. 2014. http://money.cnn.com/2014/02/18/technology/security/retail-hack/index.html.

Wallace, Gregory. "HVAC vendor eyed as entry point for Target breach." CNNMoney. Cable News Network, 6 Feb. 2014. Web. 20 Feb. 2014. http://money.cnn.com/2014/02/06/technology/security/target-breach-hvac/.

Yang, Jia, and Amrita Jayakumar. "Target says up to 70 million more customers were hit by December data breach." Washington Post. The Washington Post, 11 Jan. 2014. Web. 18 Feb. 2014. http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html.

1 comment:

  1. This comment has been removed by a blog administrator.

    ReplyDelete