A cybercriminal group from Eastern Europe using the "BlackPOS" malware.
Malware was installed on Target’s POS systems, stealing credit and debit card data of 40 million customers and personal data of 70 million more.
November - December 2013, affecting Target stores across the U.S.
The motive was financial gain, selling stolen credit card data on the dark web.
Hackers used a third-party vendor’s credentials to access Target’s network, installed malware, and exfiltrated data.
Target faced over $200 million in losses, lawsuits, and reputation damage. The CEO resigned.
Strengthened PCI compliance, improved monitoring, and adoption of chip-based EMV cards.