Here's the Company That Caused the Target Hack  

The Citizen's Guide to the Future
Feb. 6 2014 11:41 AM

Target's Heating and Refrigeration Company Gave Hackers the Key to Customer Data

183983968-customer-shops-for-groceries-at-a-target-store-on
One of the companies Target uses for HVAC and refrigeration work had login credentials for Target's central network that hackers used in their November attack.

Photo by Scott Olson/Getty Images

The massive Target data breach is a symbol of the need for tighter data security in big retail chains, but it's also still an evolving story in its own right. The hackers were able to infiltrate Target's system by stealing login credentials from a third-party contractor, so they could just waltz right in. And now Krebs on Security is reporting that Fazio Mechanical Services, an HVAC and refrigeration company, was the weak link.

The company, based in Sharpsburg, Pa., does regular work for Target stores. Its president, Ross Fazio, confirmed that the Secret Service paid his company a visit about the Target situation, though he was out at the time. Fazio Vice President Daniel Mitsch wouldn't say anything more about the visit. Target spokeswoman Molly Snyder declined to comment to Krebs on Security because of a "very active and ongoing investigation" into the breach.

Advertisement

According to its website, Fazio Mechanical has also done work at various times for Trader Joe’s, Whole Foods, and BJ’s Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia, and West Virginia. So could the problem be larger than just Target? It's not yet known why Fazio had remote access to Target's network, especially the payment system network, but Krebs on Security spoke to a cybersecurity expert who suggested that Target may have given the company access so it could do energy-consumption monitoring to regulate the ambient temperature in stores so customers wouldn't be uncomfortably hot or cold.

Though there's no more information right now about what happened, Fazio seems like it is not directly to blame, since Target made its systems vulnerable by providing at least one contractor with remote access to systems that it didn't need, in addition to the ones it did. HVAC and refrigeration are crucial services to Target, but this was probably an unnecessary vote of confidence.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Sports Nut

Grandmaster Clash

One of the most amazing feats in chess history just happened, and no one noticed.

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

Do the Celebrities Whose Nude Photos Were Stolen Have a Case Against Apple?

The NFL Explains How It Sees “the Role of the Female”

Future Tense

Amazon Is Now a Gadget Company

Food

How to Order Chinese Food

First, stop thinking of it as “Chinese food.”

Scotland Is Inspiring Secessionists Across America

The Country Where Women Aren’t Allowed to Work Once They’re 36 Weeks’ Pregnant

The XX Factor
Sept. 18 2014 11:40 AM The Country Where Women Aren’t Allowed to Work Once They’re 36 Weeks’ Pregnant
Moneybox
Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
The World
Sept. 18 2014 1:34 PM Americans Fault Obama for Giving Them Exactly the Anti-ISIS Strategy They Want
  Business
Moneybox
Sept. 18 2014 2:49 PM Amazon’s Carrier Billing Lets You Pay for Digital Purchases in Your Monthly Phone Bill
  Life
Doonan
Sept. 18 2014 2:00 PM On the Death of My Homophobic Dog I named him Liberace, but I couldn’t have chosen a less appropriate namesake for this coarse, emotionally withholding Norwich terrier.
  Double X
The XX Factor
Sept. 18 2014 12:03 PM The NFL Opines on “the Role of the Female”
  Slate Plus
Behind the Scenes
Sept. 18 2014 1:23 PM “It’s Not Every Day That You Can Beat the World Champion” An exclusive interview with chess grandmaster Fabiano Caruana.
  Arts
Brow Beat
Sept. 18 2014 2:32 PM Kern Your Enthusiasm: The Friendliness of Chicago
  Technology
Future Tense
Sept. 18 2014 2:39 PM Here's How to Keep Apple From Sharing Your iPhone Data With the Police
  Health & Science
Bad Astronomy
Sept. 18 2014 7:30 AM Red and Green Ghosts Haunt the Stormy Night
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.