HVAC contractor fingered as poorly secured third party at center of Target breach

Late last year retailer Target was hit with a hack that allowed nefarious users into its systems. The hackers made off with details on 70 million customers including credit card numbers and more. Target maintained early on that no debit card PIN numbers were stolen, only to come back later and admit PIN numbers were stolen too.

The hackers didn't directly attack the Target network to gain access, apparently they attacked Target by taking advantage of a poorly secured third party network with access to Target systems. That third party contractor that the hackers took advantage of has now been identified.

The third party is a HVAC firm called Fazio Mechanical Services. Fazio was apparently given access to Target system to help the company control power use and help Target save money. However, the network that Fazio had access to was apparently not secured from the other network systems Target uses.

Perhaps more chilling is the fact that Fazio has a huge list of other major retailers to its credit that could potentially have been attacked the same way including Walmart, Costco, Sam's Club, and more. Reports indicate that the hackers breached Fazio servers around November 15. Hackers are thought to have gained access by monitoring employee logins to gather credentials for its partners like Target. The hackers allegedly uploaded malware to steal credit card numbers to a small number of Target stores to begin with as a test of sorts starting on November 15.

SOURCE: DailyTech