In mid‐December 2013, business managers at the retail mega‐chain Target were busy managing the busiest sales season of the year, just before Christmas. Suddenly, they got an urgent phone call from the U.S. Department of Justice. “You've got a problem,” said the voice on the line. “It looks like your customers' personal data has leaked online, and hackers are using them.” On various sites across the dark web, Target's customers' details were being offered for sale, including their credit card numbers, at $5–$7 a pop.

Target's shocked management tried feverishly to locate the breach and fix it, while trying to keep the embarrassing news under wraps. That attempt failed. On December 18, the independent journalist Brian Krebs broke the story. His report caused an uproar in the media, and the next day, Target was forced to admit that tens of millions of its customers' credit card details had indeed been exposed and stolen. Target's sales started to plummet, exactly at peak sales season. In a desperate attempt to regain his customers' trust, Target CEO Greg Steinhafel announced a 10% discount for all customers. It was no use. The company's profits collapsed, in the middle of the holiday season, by 46%.

The scandal did not die down. It turned out that the hackers had stolen no fewer than 40 million credit card details and the personal data of 70 million customers. The company lost not only missed sales revenues' by February 2014, ...