Journal of Information Systems Education (JISE)

Volume 29

Volume 29 Number 1, Pages 11-20

Winter 2018


Teaching Case
Security Breach at Target


Miloslava Plachkinova
University of Tampa
Tampa, FL 33606, USA

Chris Maurer
University of Virginia
Charlottesville, VA 22903, USA

Abstract: This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target’s vendor management processes and the vulnerability at Fazio Mechanical Services that was among the main causes of the breach. Further, the case introduces the incident response plan implemented by Target and discusses the aftermath of the attack. The lessons learned describe some of the steps the company took to mitigate risks in the future and to strengthen its security posture. While the breach had a significant impact on Target, the organization was able to fully recover from it and develop best practices that are now widely implemented by other retailers. The case is suitable for both undergraduate and graduate students enrolled in information security or information systems courses that discuss vendor management, security incident response, or general security program administration topics.

Keywords: Information assurance & security, Cybersecurity, Case study, Teaching case, Experiential learning & education

Download this article: JISE - Volume 29 Number 1, Page 11.pdf


Recommended Citation: Plachkinova, M. & Maurer, C. (2018). Teaching Case: Security Breach at Target. Journal of Information Systems Education, 29(1), 11-20.