Was Target’s HVAC Vendor the Hackers’ Point of Entry?
DATA LOSS—U.S.February 6, 2014
Target says the initial intrusion into its computer systems in its November breach can be traced back to a third-party vendor. KrebsonSecurity reports the network credentials used to gain access to Target’s system were stolen from its HVAC subcontractor, Fazio Mechanical Services, based in Pennsylvania. A cybersecurity expert said it’s common for large retailers to have a team monitoring energy consumption and temperatures, and they “need to be able to remote into the system” for maintenance. The Secret Service has visited Fazio in connection with the breach. Meanwhile, a study indicates 80 percent of Americans would support a Constitutional amendment on data privacy.