Target Hackers Victimize Third Party
The U.S. Secret Service continues to investigate the payment system security breech that occurred at Target retailers across the nation between Nov. 27 and Dec. 15, 2013. The latest break in the case has identified a commercial HVAC contractor as possibly another victim and the third-party vendor access point to the retailer’s system.
Federal agents visited Fazio Mechanical Services Inc. in Sharpsburg, Pa., and the contractor reportedly cooperated with their requests. Having been publicly identified by independent blogger Brian Krebs, Fazio Mechanical Services released an official statement clarifying the company’s role in this cybersecurity incident.
“Like Target, we are a victim of a sophisticated cyber attack operation,” said Ross Fazio, president and owner of Fazio Mechanical Services. “We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive initiatives that will further enhance the security of client/vendor connections making them less vulnerable to future breaches.”
Fazio also clarified that Fazio Mechanical does not perform remote monitoring or control of heating, cooling, and refrigeration systems for Target, although multiple news media outlets are reporting this inaccurately according to Fazio’s statement.
“Our data connection with Target was exclusively for electronic billing, contract submission, and project management,” the statement reads. “Target is the only customer for whom we manage these processes on a remote basis. No other customers of ours have been affected by the breach.”
Target is not currently commenting on this development due to the ongoing federal investigation.