An example of bad online behavior occurred in 2013 when Target Corporation was the target of a data breach. The data breach impacted 41 million accounts. The cyber attackers responsible for the data breach stole information through a 3rd party vendor. With the information that they stole from the 3rd party vendor, they were able to gain access to a customer service database. Once they gained access, they installed malware on the system. As a result, names, telephone numbers, email addresses, credit card numbers, verification codes and other private data became exposed. After the security breach, Target offered customers free credit monitoring services. In addition to credit monitoring, they agreed to pay up to 10K to customers with evidence of financial loss as a result of the data breach. Target was part of a 10-million-dollar lawsuit and has paid 18.5 million in damages. To prevent another data breach from occurring they implemented an independent security expert, maintain data security software on their companies’ network, keep cardholder data on a separate network, change passwords frequently, and require 2-factor authentication. The data breach affected the company’s reputation, the following year sales were down 40 percent according to a New York Times article. The hacker responsible for creating the software used in the Target Breach was sentenced to 14 years in prison.
If I had my own business, I would implement the security measures that Target adopted after the breach, I would have two-factor authentication, frequent password changes, sensitive information stored on a different network, and the best security software that I could get.
https://www.nytimes.com/2014/02/27/business/target-reports-on-fourth-quarter-earnings.html
https://www.washingtonpost.com/local/public-safety/hacker-linked-to-target-data-breach-gets-14-years-in-prison/2018/09/21/839fd6b0-bd17-11e8-b7d2-0773aa1e33da_story.html