EPISODE · May 22, 2026 · 27 MIN
Target — Certified Compliant, Breached Eight Weeks Later
from Zero Day Logs · host ZDL
On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores.This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened.We cover: the Fazio Mechanical entry point, the network segmentation gap, how BlackPOS exploited the moment card data exists as plaintext in RAM, why FireEye's alerts went unacknowledged for 12 days, the exfiltration architecture that moved stolen data through three countries during peak shopping hours, and the compliance paradox at the center of it all.Full technical breakdown: zerodaylogs.comPrimary sources: U.S. Senate Commerce Committee "Kill Chain" analysis, Target SEC filings, multistate AG settlement, NIST and PCI-DSS standards.
What this episode covers
On September 20, 2013, Target Corporation was certified compliant with the Payment Card Industry Data Security Standard. Eight weeks later, malware was running on nearly every cash register in the company's 1,793 stores. This episode traces the full attack path — from a stolen HVAC contractor password to 40 million compromised payment cards — and examines why every control that could have stopped the breach already existed in published security guidance years before it happened. We cover: t...
NOW PLAYING
Target — Certified Compliant, Breached Eight Weeks Later
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m