Cybersecurity

Our Cybersecurity team ensures Target and our guests are protected 24/7 against cybercriminals and fraudsters. Every day our team of in-house experts analyzes the latest threats, assesses risk, engineers innovative solutions, and operates our Cyber Fusion Center around the clock to investigate and respond to potential attacks. As an industry-recognized leader in threat intelligence sharing, collaborative partnerships, and talent development, we take pride in seeing our impact extend well beyond Target to help create a safer future for all.

Recent blogs

  • graphic describing the three ways in which cyber capabilities apply to ORC - research the adversary, prevent and detect attacks, and investigate and respond

    Applying Cyber Principles to Combatting Organized Retail Crime

    August 29, 2023
    By Jodie Kautt
    How Target's cyber team collaborates to combat fraud.
  • Target's patented EasySweep skimmer detection device, shown with a payment terminal that is safe to use, and one with a skimming device installed that puts guest data at risk

    Target's EasySweep – Simplifying Skimmer Detection for All

    July 18, 2023
    By Terry Woodman
    Target's patented EasySweep device protects guests' data from skimmers.
  • Identity Management Day 2023 logo on the left with round fingerprint-like design behind the words, and headshot of Target Senior Director of Cyber Solutions Tom Sheffield who is pictured smiling wearing a blue button down shirt and gray blazer against a red couch, with red carpet and atrium in the background

    Moving from "Or" to "And"

    April 11, 2023
    By Tech @ Target
    Interview with Senior Director Tom Sheffield to explore what Identity Management means at Target.
  • Target Cybersecurity Analyst Dat Dang, pictured smiling against a corporate conference room background, wearing eyeglasses, a button-down shirt, and navy blue blazer

    "Friday Five" - Featuring Dat Dang, Lead Cybersecurity Analyst

    March 3, 2023
    By Tech @ Target
    Profile of Target Lead Cybersecurity Analyst Dat Dang.
  • status page screenshot from Gogs showing a Docker pipeline with a malicious config file called "evil.local:8080/payload"

    CI/CD Pipeline Incident Response

    February 16, 2023
    By Kyle Shattuck and Brandon Ingalls
    An actionable incident response playbook for your CI/CD pipeline.
  • light purple rectangle with five white circles in a horizontal line, each with a white icon inside. From left to right, icons include a sheet of paper with lines, a gear with tools against a browser window, a large white robot, a screen with circular arrows, and a check mark in a white circle

    Synthetics: Continuous Assurance of Detection Components

    December 13, 2022
    By Paul Hutelmyer
    This post provides a solution for utilizing synthetic events for the purpose of validating signature integrity and functionality, with the goal of achieving continuous assurance of a system’s detection signatures.
  • Target tech x BUiLT: Technical Mentorship, Reimagined

    November 17, 2022
    By Nii Quarshie and Brenda Bjerke
    How two Target cybersecurity team members reimagined their mentorship relationship and what they learned.
  • Camp Cyber logo with a line drawing of a nighttime camping scene, and "Camp Cyber" written in letters that look like logs, next to headshot of Target CISO Rich Agostino

    Cybersecurity “State of the State”

    November 4, 2022
    By Tech @ Target
    October is Cybersecurity Awareness Month, recognized annually in the United States since 2004 as an opportunity to educate people about steps they can take to enhance the security of their digital worlds.
  • a series of five white icons in circles on a lavender background, from the far left icons picture a device that appears to have a variety of connections to it, an icon of a sheet of paper with lines on it, a cute dog icon with a space helmet, a sheet of paper with a magnifying glass above it, and an icon of a browser window

    Strelka: Real-Time Threat Hunting Scanner

    August 24, 2022
    By Paul Hutelmyer
    Strelka is a real-time, container-based, file scanning system used for threat hunting, threat detection, and incident response, built by our Target cybersecurity team.
  • Target store team member pictured wearing a Santa hat with holiday decor shelves behind him. The team member is showing something on a device to a young girl with a light purple coat on, and she looks surprised and happy

    Meet Merry Maker: How Target Protects Against Digital Skimming

    February 1, 2022
    By Chris Carlson
    Credit card skimmers are custom-made additions to payment devices (like ATMs or gas pumps) that criminals build and use to steal a consumer’s payment information.
  • screenshot of code snippet describing a payload wallet rule with Eric Brandel listed as author

    Behind the Scenes of Merry Maker

    February 1, 2022
    By Eric Brandel and Caleb Walch
    We recently introduced Target’s cybersecurity tool “Merry Maker” and open sourced the framework to help others protect against digital skimming.
  • Diagram of a Vulnerable Container scenario with the following text included: "For this scenario, an attacker sees a node that is vulnerable that they then leverage which gives them access to a container for further actions. The root cause could be the code in the repository has a vulnerability." Below this text is a diagram of a web application firewall. Below this is a thick blue line under which is written: "Analysis and Containment. The largest hurdle around containment is the timing it takes for everything to come together; for this scenario the items detailed below would all have to come together in order to achieve containment of what is known. Analysis and containment actions: A. Isolation of the impacted container(s), begin analysis of attacker actions to then take containment and remediation steps. This part is very important as you want to reduce further impact, know what happened, and what to address next. B. Identify attacker behavior, C. Deploy alerting and/or blocking mechanisms for identified attacker, D. Review of the code for the vulnerabilities, to then fix, E. Deploy fixed containers, F. Remediation of removal of remaining vulnerable container(s) without causing business impact."

    Container Analysis and Containment

    October 19, 2021
    By Kyle Shattuck
    When containers become unhealthy in production environments, a nuclear action is often the best option. When it comes to a security alert however, a different approach is needed.
  • screenshot showing a screen of code representing "Execute Kafka-DB test" that was run 14 minutes ago and lasted for 2 minutes, 56 seconds. The code on the screen shows the initialization of the process and successful test process completing

    Using Drone for Automated Integration Testing

    May 20, 2019
    By Pam Vermeer and Pat Moberg
    Our team developed a service that reads from a Kafka topic, interacts with a Postgres database using basic CRUD operations, and calls APIs on an external service.
  • four Target engineers pictured in discussion sitting around an office conference room table, with laptops open

    Target Finds Cross-Site Scripting in Microsoft SharePoint

    March 15, 2019
    By Sydney Delp, Jamie Feist, and Steven Kaun
    During a recent penetration test, Target's Security Testing Services team found that Microsoft's SharePoint was vulnerable to a unique attack that, unlike typical cross-site scripting, could be exploited without any interaction from the victim user.