Cyber Breach at Target | ISM | MCQ with Answer

The Target data breach of 2013 was one of the largest data breaches in U.S. history, exposing sensitive data for 40 million debit and credit card accounts from about 2,000 Target stores. Hackers gained access through a vendor, Fazio Mechanical Services, using phishing emails to steal credentials, which allowed access to Target’s systems. Once inside, hackers used malware on Target’s POS systems to capture customer data from card swipes. Despite warnings from cybersecurity firm FireEye, Target’s security team mistakenly dismissed alerts as false positives.

The breach cost Target around $290 million in settlements, lawsuits, and compensation, and resulted in a significant drop in earnings, reputational damage, and leadership turnover. This incident highlighted critical gaps in cybersecurity practices and underscored the importance of proactive security measures and strong vendor management.

Here is a set of 85 multiple-choice questions with answers.



1. What was the immediate cause of the cyber attack on Target?

  • A. Malware on POS systems
  • B. Phishing emails to Fazio Mechanical Services ✔️
  • C. Hackers directly targeting Target's servers
  • D. Customer data breach from the online portal

2. Fazio Mechanical Services is related to Target as:

  • A. A major customer
  • B. A key competitor
  • C. A vendor ✔️
  • D. An investor

3. How did the hackers gain access to Target’s systems?

  • A. Through direct infiltration
  • B. By using passwords stolen from Fazio Mechanical Services ✔️
  • C. By hacking Target's CEO
  • D. Through online purchases

4. Which of the following types of information was stolen in the Target breach?

  • A. Social Security Numbers and card details ✔️
  • B. Only phone numbers
  • C. Medical records
  • D. Cryptocurrency wallets

5. Which law addresses the safeguards around personal data in India as of 2023?

  • A. Indian Data Protection Act
  • B. Digital Personal Data Protection (DPDP) Act 2023 ✔️
  • C. Cyber Data Protection Act
  • D. Privacy Protection Law 2023


6. The concept of “privacy calculus” refers to:

  • A. The trade-off between personal information shared and benefits received ✔️
  • B. Government control over social networks
  • C. The use of complex passwords
  • D. Keeping data localized

7. What penalty can be levied for failing to take reasonable security safeguards under the DPDP Act 2023?

  • A. Up to Rs 50 crore
  • B. Up to Rs 100 crore
  • C. Up to Rs 250 crore ✔️
  • D. Unlimited fine

8. Which social media platform is known for privacy issues as noted in the case?

  • A. Facebook ✔️
  • B. LinkedIn
  • C. Snapchat
  • D. TikTok

9. Which method did hackers use to collect data from Target’s POS systems?

  • A. Phishing
  • B. Keylogging
  • C. RAM scraping attack ✔️
  • D. Social engineering

10. What is a False Positive in cybersecurity?

  • A. When an alert indicates a threat that does not exist ✔️
  • B. When a real threat goes undetected
  • C. When security is compromised by staff error
  • D. When malware is mistakenly deleted


11. Why was Target’s security alert from FireEye ignored?

  • A. Lack of resources
  • B. It was taken as a False Positive ✔️
  • C. Hackers disabled alerts
  • D. Insufficient staff knowledge

12. Which data breach example exposed 50 million users' personal data?

  • A. Big Basket
  • B. WhatsApp
  • C. Cambridge Analytica ✔️
  • D. Snapchat

13. What was one financial impact on Target due to the data breach?

  • A. Revenue increased due to publicity
  • B. Net income decreased by 50% ✔️
  • C. Lawsuits were avoided
  • D. Stock price was unaffected

14. What is a primary feature of the DPDP Act?

  • A. It only covers non-personal data
  • B. It excludes any penalties
  • C. It focuses on personal data protection ✔️
  • D. It allows unrestricted data storage abroad

15. After the breach, Target’s net income for 2014 dropped to:

  • A. $2,999 million
  • B. $2,500 million
  • C. $1,971 million ✔️
  • D. $1,500 million


16. What is data localization as proposed in the draft data protection bill 2022?

  • A. Requiring companies to store data locally ✔️
  • B. Allowing data transfer only within trusted countries
  • C. Centralized data storage on government servers
  • D. Free movement of data globally

17. Who founded Target?

  • A. George Dayton ✔️
  • B. Sam Walton
  • C. Richard Target
  • D. Bill Gates

18. What was one of the security measures recommended to avoid such cyber-attacks?

  • A. Deactivate security alerts
  • B. Use two-factor authentication ✔️
  • C. Avoid using firewalls
  • D. Increase social media outreach

19. What kind of card data was compromised in the Target breach?

  • A. Only debit cards
  • B. Both debit and credit cards ✔️
  • C. Only gift cards
  • D. Corporate credit cards only

20. How much data was stolen during the breach?

  • A. 5 GB
  • B. 10 GB
  • C. 11 GB ✔️
  • D. 20 GB


21. In 2018, Target ranked ___ on the Fortune 500 list.

  • A. 50
  • B. 45
  • C. 39 ✔️
  • D. 30

22. What was the name of the malware used in Target’s POS systems?

  • A. Trojan Horse
  • B. Citadel ✔️
  • C. Ransomware
  • D. PhishNet

23. Which action can protect against unauthorized system access?

  • A. Saving passwords in the browser
  • B. Clearing browser cookies ✔️
  • C. Using default passwords
  • D. Disabling firewalls

24. Who filed a lawsuit against Target’s board of directors after the breach?

  • A. Customers
  • B. Shareholders ✔️
  • C. Employees
  • D. Competitors

25. Which phrase best represents the lesson from Target’s data breach?

  • A. Technology alone ensures security
  • B. Compliance can replace management
  • C. Technology is useless without proper management ✔️
  • D. Customer service resolves all issues


26. Target ignored which security warning before the breach?

  • A. Website certificate expiration
  • B. An alert from FireEye ✔️
  • C. Customer complaints
  • D. Server error logs

27. Which of the following is NOT a competitor of Target?

  • A. Walmart
  • B. Best Buy
  • C. Kmart
  • D. Amazon ✔️

28. What was the total cost Target incurred due to the breach?

  • A. $250 million
  • B. $162 million
  • C. $290 million ✔️
  • D. $300 million

29. Which department was primarily affected by lawsuits after the breach?

  • A. Sales
  • B. Marketing
  • C. Security and IT ✔️
  • D. Human Resources

30. A critical cybersecurity measure is:

  • A. Storing passwords on paper
  • B. Using complex passwords ✔️
  • C. Removing antivirus software
  • D. Avoiding logouts on shared computers

31. What program did Target offer that involved collecting Social Security Numbers (SSNs)?

  • A. Loyalty Program
  • B. REDCard Program ✔️
  • C. Employee Benefits Program
  • D. Insurance Program

32. How did hackers initially start their attack on Target?

  • A. Installing malware on all Target systems
  • B. Infecting a small number of POS systems ✔️
  • C. Hacking customer email accounts
  • D. Accessing Target’s online store

33. How much did Target pay Visa due to the data breach?

  • A. $40 million
  • B. $100 million
  • C. $67 million ✔️
  • D. $80 million

34. How did Target respond to FireEye's alerts on Nov 30 and Dec 2?

  • A. They took immediate action
  • B. They ignored it, considering it a False Positive ✔️
  • C. They filed a police report
  • D. They increased security personnel

35. Which of the following describes a RAM scraping attack?

  • A. Stealing data stored on servers
  • B. Extracting data from the system memory ✔️
  • C. Phishing for user credentials
  • D. Encrypting data for ransom


36. Target’s REDCard program offered customers:

  • A. Loyalty discounts only
  • B. Store credit and discounts ✔️
  • C. Exclusive products
  • D. Points for online purchases

37. The data breach affected how many Target stores?

  • A. 1,000 stores
  • B. 1,500 stores
  • C. 2,000 stores ✔️
  • D. 3,000 stores

38. How did the hackers initially gain access to customer data?

  • A. By infiltrating email systems
  • B. By installing malware in POS systems ✔️
  • C. Through a security breach in Target’s website
  • D. By manipulating Target’s app

39. Which kind of security software did Fazio use that was unsuitable for corporate use?

  • A. Basic anti-malware software ✔️
  • B. Two-factor authentication software
  • C. High-security firewall
  • D. Encrypted VPN service

40. The breach led to approximately how many lawsuits against Target?

  • A. 50
  • B. 80 ✔️
  • C. 100
  • D. 150


41. What kind of information was collected from the magnetic strip on POS systems?

  • A. Email and phone number
  • B. Debit and credit card information ✔️
  • C. Social media profiles
  • D. Insurance details

42. How much did Target pay MasterCard due to the breach?

  • A. $25 million
  • B. $50 million
  • C. $40 million ✔️
  • D. $30 million

43. What did hackers install to capture payment information at Target?

  • A. VPN filters
  • B. Citadel malware ✔️
  • C. Ransomware
  • D. Email tracking software

44. In the wake of the breach, Target faced fines due to non-compliance with:

  • A. Cybersecurity
  • B. Payment Card Industry (PCI) standards ✔️
  • C. Tax laws
  • D. Employee privacy regulations

45. Target’s security team failed to take action against a warning due to:

  • A. Overconfidence in firewall strength
  • B. Mistaking it for a False Positive ✔️
  • C. Relying on outdated antivirus software
  • D. Inadequate employee training


46. What is one of the key recommendations for companies to avoid similar breaches?

  • A. Store passwords on shared servers
  • B. Implement two-factor authentication ✔️
  • C. Disallow any third-party vendors
  • D. Store data on local servers only

47. Who lost their jobs at Target following the breach?

  • A. CEO and CFO
  • B. CEO and CIO ✔️
  • C. Board of Directors
  • D. Security analysts

48. After the breach, Target faced investigations by:

  • A. FBI and CIA
  • B. Department of Justice ✔️
  • C. International Cyber Crime Agency
  • D. Interpol

49. According to the case study, which of the following is true regarding compliance?

  • A. Compliance is the only measure needed
  • B. Compliance should be supplemented with holistic security measures ✔️
  • C. Compliance ensures complete data protection
  • D. Compliance does not affect cybersecurity

50. What type of customer service did Target display after the breach?

  • A. Exemplary customer service
  • B. Poor customer service ✔️
  • C. Personalized follow-up with customers
  • D. Enhanced customer service standards


51. How many debit and credit card accounts were compromised in the Target data breach?

  • A. 20 million
  • B. 30 million
  • C. 40 million ✔️
  • D. 50 million

52. What was the outcome for Target’s net earnings in the fourth quarter after the breach?

  • A. Increased by 46%
  • B. Decreased by 46% ✔️
  • C. Remained stable
  • D. Rose significantly

53. What could be a cause of False Positives in cybersecurity?

  • A. Incorrect configuration of alerts ✔️
  • B. Lack of security measures
  • C. Insufficient data storage
  • D. Overreliance on management

54. How did shareholders react to the Target breach?

  • A. Filed lawsuits against board members and executives ✔️
  • B. Increased their shares
  • C. Sued competitors
  • D. Increased bonuses for executives

55. The data breach cost Target approximately how much in total?

  • A. $162 million
  • B. $250 million
  • C. $290 million ✔️
  • D. $350 million


56. The DPDP Act of 2023 mainly focuses on:

  • A. Safeguards around non-personal data
  • B. Safeguards around personal data only ✔️
  • C. Trade agreements with other countries
  • D. Social media data privacy

57. What fine amount can be imposed under the DPDP Act, 2023, for failing to prevent personal data breaches?

  • A. Rs 100 crore
  • B. Rs 200 crore
  • C. Rs 250 crore ✔️
  • D. Rs 500 crore

58. Which social media platform was involved in the Cambridge Analytica data breach scandal?

  • A. Twitter
  • B. Facebook ✔️
  • C. Instagram
  • D. LinkedIn

59. What is the privacy concept that involves users assessing the tradeoff between benefits and risks?

  • A. Privacy paradox
  • B. Privacy calculus ✔️
  • C. Data minimization
  • D. Information asymmetry

60. How did Target’s net income change from 2013 to 2014 following the data breach?

  • A. Increased by 30%
  • B. Decreased by 34% ✔️
  • C. No change in income
  • D. Increased by 15%


61. In which year was Target ranked 39th on the Fortune 500 list by revenue?

  • A. 2015
  • B. 2018 ✔️
  • C. 2010
  • D. 2020

62. What type of data was primarily compromised in the Target data breach?

  • A. Medical records
  • B. Financial data (credit/debit card information) ✔️
  • C. Social media data
  • D. Employee personal details

63. Which company’s employees unknowingly enabled hackers to gain access to Target’s network?

  • A. FireEye
  • B. Fazio Mechanical Services ✔️
  • C. Visa Inc.
  • D. MasterCard Inc.

64. How was Fazio Mechanical Services compromised?

  • A. Phishing emails ✔️
  • B. Website malware
  • C. Password breach
  • D. Phone hacking

65. Which of the following was a major competitor of Target in the retail sector?

  • A. Sears
  • B. Best Buy
  • C. Walmart ✔️
  • D. Amazon


66. Truecaller is an example of what type of privacy issue?

  • A. Location data misuse
  • B. Social media privacy
  • C. Data sharing and privacy calculus ✔️
  • D. Retail data breach

67. What role did the Indian monitoring team (FireEye) play in the Target breach?

  • A. Conducted POS audits
  • B. Detected the malware and raised an alert ✔️
  • C. Managed customer service
  • D. Provided sales support

68. Target’s security team turned off which critical security feature during the attack?

  • A. Two-factor authentication
  • B. Automatic malware deletion ✔️
  • C. Biometric logins
  • D. Anti-virus software updates

69. Which method is recommended to prevent unauthorized system access?

  • A. Store passwords in browsers
  • B. Use complex passwords and change them often ✔️
  • C. Avoid two-factor authentication
  • D. Keep passwords written in a document

70. What was the approximate amount of data (in GB) stolen in the Target breach?

  • A. 5 GB
  • B. 11 GB ✔️
  • C. 20 GB
  • D. 30 GB


71. What term is used when a system incorrectly identifies a threat that isn’t actually present?

  • A. True Positive
  • B. False Positive ✔️
  • C. False Negative
  • D. True Negative

72. In the Target breach, hackers used a technique that involved collecting data from where?

  • A. Encrypted files
  • B. RAM of POS systems ✔️
  • C. Social media profiles
  • D. Employee databases

73. What was Target’s response to customers immediately after the breach?

  • A. Comprehensive support and information sharing
  • B. Delayed response and incomplete information ✔️
  • C. Full compensation to all customers
  • D. Outsourced communication to third parties

74. What is "data localization" as proposed in the initial drafts of the data protection bill?

  • A. Transferring data to international servers
  • B. Storing data within the country’s borders ✔️
  • C. Limiting data access to foreign companies
  • D. Encrypting all user data

75. Under the DPDP Act, 2023, which data is excluded from the protection requirements?

  • A. Financial data
  • B. Non-personal data ✔️
  • C. Health records
  • D. Social Security data


76. Which company faced a major data breach that exposed 50 million users’ personal data?

  • A. Big Basket
  • B. WhatsApp
  • C. Facebook (Cambridge Analytica) ✔️
  • D. Target

77. What did Target’s shareholders allege in their lawsuit against the board?

  • A. Data was well-protected by Target
  • B. The board failed in their duty to protect customer data ✔️
  • C. The breach was caused by foreign hackers
  • D. Target provided timely breach information

78. How did Target’s data breach impact its quarterly earnings?

  • A. Increased by 50%
  • B. Dropped by 46% ✔️
  • C. No impact on earnings
  • D. Increased by 25%

79. Which act requires companies to take reasonable security safeguards to prevent data breaches?

  • A. Cybersecurity Act, 2022
  • B. Digital Personal Data Protection (DPDP) Act, 2023 ✔️
  • C. Data Integrity Act
  • D. Digital Freedom Act

80. What type of organization-wide activity is recommended post-breach for risk management?

  • A. Daily sales audits
  • B. Regular risk management evaluations ✔️
  • C. Disabling all security alerts
  • D. Customer profiling only


81. What method was initially suggested for data storage in the draft data protection bill of 2022?

  • A. Data encryption only
  • B. Data localization ✔️
  • C. Monthly audits
  • D. Third-party verification

82. Following the breach, Target was also subject to fines for failing to meet:

  • A. Financial reporting standards
  • B. PCI compliance standards ✔️
  • C. International tax regulations
  • D. Marketing ethics standards

83. Who among Target’s executives resigned due to the data breach?

  • A. CFO and COO
  • B. CEO and CIO ✔️
  • C. Marketing head and security chief
  • D. Operations manager and customer relations head

84. What key lesson did the Target data breach highlight for businesses?

  • A. Compliance alone is sufficient for data protection
  • B. Holistic security and active management are essential ✔️
  • C. Data protection is optional for retail businesses
  • D. Cybersecurity is only for technology companies

85. Which popular retail season did the hackers exploit to target POS systems?

  • A. Summer sales
  • B. Holiday shopping season ✔️
  • C. Back-to-school sales
  • D. Black Friday only
