Question
Case Study: Payment Card Data Breaches
Target Corp., a major retailer in the United States, disclosed a breach in December 2013. Global Payments, an Atlanta-based payments processor, disclosed a data breach in March 2012. Research both events and answer the following questions:
B. Global Payments
1. Who first reported the incident?
2. What are the dates associated with the compromise?
3. What information was compromised?
4. How many cardholders were affected?
5. Is there any indication of how the data was acquired?
6. Were losses sustained by any organization other than Global Payments?
7. What type of notification was required?
C. Prior to the breach, Global Payments was a certified Level 1 PCI-compliant organization. Due to the breach, Global Payments was decertified and required to undergo a rigorous recertification process. Should a card data compromise be a trigger for decertification? Why or why not?
Explanation / Answer
Dear Student,
1. The attack on Global came to light in late March, after security blogger Brian Krebs reported that the payments network had been hacked. On April 2, Global acknowledged the breach, and it was confirmed shortly thereafter by major card brands MasterCard and Visa.
2. Visa told the banks that the cards were exposed between Jan. 21 and Feb. 25,
3. Track 2 card data may have been stolen, but cardholder names, addresses and Social Security numbers were not obtained by the criminals.
4. 1.5 million cardholders were affected.
5. It was an extended breach, meaning the attackers didn’t just get in and get out, but maintained access over a long period of time. Eventually Global Payments caught wind of it and shut them out.
6. Visa took the step over the weekend of distancing itself from Global Payments, by removing the company from its list of those it considers to be compliant service providers.
A card has all the important and personal details, including the card no. and CVV. Anyone can use the card for any transactions. So the company had to compromise with decertification.