Target says criminals attacked with credentials stolen from vendor

BOSTON Wed Jan 29, 2014 6:33pm EST

The sign outside the Target store is seen in Arvada, Colorado January 10, 2014. REUTERS/Rick Wilking

The sign outside the Target store is seen in Arvada, Colorado January 10, 2014.

Credit: Reuters/Rick Wilking

Related Video

Related Topics

BOSTON (Reuters) - Target Corp said on Wednesday that the cyber criminals who breached its system used credentials they stole from one of the retailer's vendors.

"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said in a statement.

She declined to elaborate on what type of credentials were taken from the vendor.

(Reporting by Jim Finkle. Editing by Andre Grenon)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (5)
drdhesq wrote:
So, did the vendor have access to all the credit cards information?

Jan 29, 2014 7:58pm EST  --  Report as abuse
drdhesq wrote:
So, did the vendor have access to all the credit cards information?

Jan 29, 2014 8:00pm EST  --  Report as abuse
bikeamtn wrote:
One’s personal data is extremely valuable and loss of such not only can be financially damaging but can being repeated threats upon one’s identity for years.
For more information on how a data breach can impose long-term identity threats for individuals and their families, Google; MyStolenID org.

It is incomprehensible that we’ve been using this technology for this long and have not yet made the loss of privacy and personal identity date by commercial entities punishable as in the case of the HIPAA Privacy Act for example; SEE: the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information.

Jan 29, 2014 11:28pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.