The Target breach, and the 70 million financial accounts stolen in the heist that followed, were both sourced from a refrigeration supplier to the multinational big box store, according to latest reports.
Fazio Mechanical Services was initially targeted as a conduit to the POS systems at Target, allowing hackers to gain access to the credentials necessary to break in and place their malware on the central network. From here the program was automatically able to spread to stores around the country, covertly skimming and recording the data of millions of cards a day as they were swiped through Target’s registers.
Reports first surfaced last week that the leak may have been due to one of Target’s suppliers, with Brian Krebs coming forward to name Maryland-based refrigerator manufacturer Fazio as the culprit in the credit caper.
From the layman’s point of view Target certainly looks dedicated to the progress they’ve made on the security front in the past few months, including the advanced rollout of their new REDCards which will feature self-encrypting computer chips included on every reissued CC.
“We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive remedies to enhance the security of client/vendor connections to make them less vulnerable to future breaches.”
The company normally specializes in servicing and installing refrigeration units for Target store locations, and has told The Register they were able to access sensitive portions of their network to manage contract submissions, electronic billing, and project management services.
“Like Target, we are a victim of a sophisticated cyber attack operation,” said president and owner Ross Fazio.