Network credentials boosted from a Target contractor specializing in ventilation systems are the way that hackers likely got access to the company.
February 5, 2014 4:33 PM PST
The credentials that hackers used to get into Target’s network appear to have come from a compromised HVAC contractor.
The Target hack that shook the American credit card industry and delivered up to 110 million customer records to the bad guys was reportedly successful thanks to a side-door left open by a Target contractor.
Could electronically controlled drugs reduce side effects?
Target works on security-heavy credit cards, after breach
Justice Department looking into Target data breach
BlackBerry may have some life left with Pentagon order
Verizon buys Intel’s TV business to boost Fios
The hackers were able to get credentials for Target’s network stolen from Fazio Mechanical Services, a heating, ventilation, and air conditioning (HVAC) company, according to independent security reporter Brian Krebs.
They were first used to access Target’s network on November 15, 2013.
Fazio President Ross Fazio told Krebs that the US Secret Service, which customarily investigates these kinds of cases, visited his company’s offices in Sharpsburg, Penn., but that he wasn’t there during the visit.
A fraud analyst with Gartner estimated to Krebs that Target could be forced to pay up to $420 million to cover costs associated with the breach, including noncompliance with credit card network standards, banks reissuing cards, legal fees, credit monitoring, and other costs. Those costs apparently don’t include an upgrade to the more secure chip-and-pin credit cards and card readers.