Target — Certified Compliant, Breached Eight Weeks Later episode artwork

EPISODE · May 22, 2026 · 27 MIN

Target — Certified Compliant, Breached Eight Weeks Later

from Zero Day Logs · host ZDL

On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores.This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened.We cover: the Fazio Mechanical entry point, the network segmentation gap, how BlackPOS exploited the moment card data exists as plaintext in RAM, why FireEye's alerts went unacknowledged for 12 days, the exfiltration architecture that moved stolen data through three countries during peak shopping hours, and the compliance paradox at the center of it all.Full technical breakdown: zerodaylogs.comPrimary sources: U.S. Senate Commerce Committee "Kill Chain" analysis, Target SEC filings, multistate AG settlement, NIST and PCI-DSS standards.

On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores. This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened. We cover: t...

NOW PLAYING

Target — Certified Compliant, Breached Eight Weeks Later

0:00 27:22

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Zero Day Logs?

This episode is 27 minutes long.

When was this Zero Day Logs episode published?

This episode was published on May 22, 2026.

What is this episode about?

On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores.This episode traces the full...

Can I download this Zero Day Logs episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!