WEDNESDAY Feb 6 The Target Corp hackers
managed to break into its payments network by first breaching a
"data connection" between the U.S. retailer and its heating and
ventilation systems contractor, a representative for the
contractor said on Thursday.
The data connection was used by the vendor, Fazio Mechanical
Services, to bill Target and exchange contract and project
management information with the retailer, according to Dick
Roberts, a public relations representative for Fazio.
Target, the third-largest U.S. retailer, has said the
hackers stole about 40 million credit and debit card records, as
well as personal information, such as addresses and phone
numbers, belonging to about 70 million customers.
Target spokeswoman Molly Snyder declined on Thursday to
comment on the company's vendor relationships or to provide an
update. "This is an active and ongoing investigation. I don't
have additional details to share at this time," she said.
Last week, Target said the theft of a vendor's credentials
had helped cyber criminals pull off the massive data breach,
which occurred during the holiday shopping season in late 2013.
Target did not identify the vendor.
The U.S. Secret Service is investigating the Target attack,
and said on Wednesday that its agents had visited the offices of
Fazio Mechanical Services, based in Sharpsburg, Pennsylvania.
Fazio does not believe the hackers breached any data or data
connections involving any of its other customers, Roberts said.
Ross E. Fazio, president and owner of Fazio Mechanical
Services, said in a statement that his company was "fully
cooperating" with Target and the Secret Service "to identify the
possible cause of the breach."
Fazio provides Target with heating, ventilation and air
conditioning services, which are maintained physically. Fazio
did not monitor these systems by remote control, Roberts said.