Computerworld — A recent edition of the Computerworld Security Daily Newsletter contained no fewer than four articles discussing the data breach at Target, which was first disclosed way back in December. What exactly happened to Target remains a matter of great interest.
What's being said about the hack is that it was enabled by a single point of failure. The blame is pinned on unstoppable malware on the point-of-sale (POS) systems or, alternatively, on a compromise of an HVAC contractor's credentials. Either way, Target wants you to believe that the chain was exactly what its name implies: the target of a highly sophisticated attacker.
But the truth is that systematic failures, and not a single point of failure, led to the Target hack. No single vulnerability was exploited. There were vulnerabilities throughout Target's security architecture that led to the theft of 110 million payment card numbers, along with the personally identifiable information of most of the affected cardholders.