Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Hackers used HVAC vendor’s credentials to break into Target: report

Hackers used HVAC vendor’s credentials to break into Target: report 

The hackers then used those credentials to break into Target’s network.

The retailer confirmed last week that the breach was caused by stolen credentials from a vendor, though at the time it declined to specify exactly which vendor was involved.

Sources have informed Krebs that the vendor in question, Pennsylvania-based Fazio Mechanical Services, was contracted in the past by Target to deliver heating, ventilation and air conditioning (HVAC) services at a number of its locations.

As Krebs points out, it is “not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.”

Other sources have speculated that Fazio was given credentials to remotely monitor and fix glitches in the refrigeration system.

In addition to its work with Target, Fazio Mechanical has done HVAC projects for a number of Trader Joe’s, Whole Foods, and BJ’s Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia, and West Virginia.

The entire report can be accessed at Krebs’ website.

Related posts