Target Vendor Acknowledges Breach

Company Cites 'Sophisticated Cyber-Attack'

A refrigeration vendor serving Target Corp. acknowledges that it was breached. The news is significant because Target announced earlier that its massive data breach was the result of hackers stealing electronic credentials from one of its vendors (see: Target Breach: Credentials Stolen).

The Target breach compromised as many as 40 million payment card accounts, along with the personal information of about 70 million customers.

In a statement, Fazio Mechanical Services notes, "Like Target, we are a victim of a sophisticated cyber-attack operation. We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive initiatives that will further enhance the security of client/vendor connections, making them less vulnerable to future breaches."

Target officials declined to comment on Fazio's announcement. "Because this continues to be a very active and ongoing investigation, I don't have additional information to share at this time," a spokesperson told Information Security Media Group.

Fazio Mechanical Services notes in its statement that the firm "does not perform remote monitoring of, or control of, heating, cooling and refrigeration systems for Target. Our data connection with Target was exclusively for electronic billing, contract submission and project management, and Target is the only customer for whom we manage these processes on a remote basis. No other customers have been affected by the breach."

The Fazio statement also notes that the company's IT system and security measures "are in full compliance with industry practices." And the company says it will not offer further comment on the ongoing federal investigation.

Making the Connection

Avivah Litan, an analyst at the consultancy Gartner Research, explains how the breach of the vendor might have paved the way to the Target breach.

"If the [Target] cardholder data environment wasn't sufficiently segmented from the contractor environment, the criminals could have found their way over to the POS systems just by getting into the contractor account," she says.

News that Fazio Mechanical Services was the third-party vendor linked to the Target breach was first reported by security blogger Brian Krebs.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
