The massive Target data breach is a symbol of the need for tighter data security in big retail chains, but it's also still an evolving story in its own right. The hackers were able to infiltrate Target's system by stealing login credentials from a third-party contractor, so they could just waltz right in. And now Krebs on Security is reporting that Fazio Mechanical Services, an HVAC and refrigeration company, was the weak link.
The company, based in Sharpsburg, Pa., does regular work for Target stores. Its president, Ross Fazio, confirmed that the Secret Service paid his company a visit about the Target situation, though he was out at the time. Fazio Vice President Daniel Mitsch wouldn't say anything more about the visit. Target spokeswoman Molly Snyder declined to comment to Krebs on Security because of a "very active and ongoing investigation" into the breach.
According to its website, Fazio Mechanical has also done work at various times for Trader Joe’s, Whole Foods, and BJ’s Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia, and West Virginia. So could the problem be larger than just Target? It's not yet known why Fazio had remote access to Target's network, especially the payment system network, but Krebs on Security spoke to a cybersecurity expert who suggested that Target may have given the company access so it could do energy-consumption monitoring to regulate the ambient temperature in stores so customers wouldn't be uncomfortably hot or cold.
Though there's no more information right now about what happened, Fazio seems like it is not directly to blame, since Target made its systems vulnerable by providing at least one contractor with remote access to systems that it didn't need, in addition to the ones it did. HVAC and refrigeration are crucial services to Target, but this was probably an unnecessary vote of confidence.
TODAY IN SLATE
One of the most amazing feats in chess history just happened, and no one noticed.
Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.
Do the Celebrities Whose Nude Photos Were Stolen Have a Case Against Apple?
The NFL Explains How It Sees “the Role of the Female”
Amazon Is Now a Gadget Company
How to Order Chinese Food
First, stop thinking of it as “Chinese food.”