Hackers may have used Pa. company to hit Target - 21 News Now, More Local News for Youngstown, Ohio -

Hackers may have used Pa. company to hit Target

Posted: Updated:

NEW YORK (AP) - The hackers who stole millions of customers' credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.

If that was, in fact, how they pulled it off - and investigators appear to be looking at that theory - it illustrates just how vulnerable big corporations have become as they expand and connect their computer networks to other companies to increase convenience and productivity.

Fazio Mechanical Services Inc., a contractor that does business with Target, said in a statement Thursday that it was the victim of a "sophisticated cyberattack operation," just as Target was. It said it is cooperating with the Secret Service and Target to figure out what happened.

The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target's computer systems.

Target has said it believes hackers broke into its vast network by first infiltrating the computers of one of its vendors. Then the hackers installed malicious software in Target's checkout system for its estimated 1,800 U.S. stores.

Experts believe the thieves gained access during the busy holiday season to about 40 million credit and debit card numbers and the personal information - including names, email addresses, phone numbers and home addresses - of as many as 70 million customers.

Cybersecurity analysts had speculated that Fazio may have remotely monitored heating, cooling and refrigeration systems for Target, which could have provided a possible entry point for the hackers. But Fazio denied that, saying it uses its electronic connection with Target to submit bills and contract proposals.

The new details illustrate what can go wrong with the far-flung computer networks that big companies increasingly rely on.

"Companies really have to look at the risks associated with that," said Ken Stasiak, CEO of SecureState, a Cleveland firm that investigates data breaches. Stasiak said industry regulations require companies to keep corporate operations such as contracts and billing separate from consumer financial information.

Stasiak emphasized that the thieves would have still needed to do some serious hacking to move through Target's network and reach the checkout system.

Chester Wisniewski, an adviser for the computer security firm Sophos, said that while it may seem shocking that Target's systems are that connected, it is a lot cheaper for a company to manage one network rather than several.

He added that while retailers are supposed to keep consumer information separate, they are not required to house it on a separate network.

Still, he said he was extremely surprised to hear that the hackers may have gotten in via a billing system, saying those kinds of connections are supposed to provide extremely limited access to the other company's network.

As a result, while the hackers were clearly talented, it's obvious something went wrong on Target's end, he said.

"If normal practices were followed, they wouldn't have been able to get access," Wisniewski said.

Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services, but wouldn't provide details. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment.

Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, who would not discuss the investigation.

In the weeks since Target disclosed the breach, banks, credit unions and other card companies have canceled and reissued cards, closed accounts and refunded credit card holders for transactions made with the stolen data.

The Consumer Bankers Association said that its members have replaced over 17.2 million debit and credit cards as a result of the Target breach, at a cost of over $172 million.

Target has said its customers won't be responsible for any losses.

___

AP reporter Joe Mandak reported from Pittsburgh.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

  • Ohio/Pennsylvania NewsMore>>

  • Officials beg pastor, strip club owner to end feud

    Officials beg pastor, strip club owner to end feud

    Sunday, September 14 2014 4:43 PM EDT2014-09-14 20:43:11 GMT
    COSHOCTON, Ohio (AP) - Officials are pleading for a pastor and an Ohio strip club owner to stop weekly protesting of each other's establishments over a years-long feud. The Coshocton Tribune reports the letter to New Beginnings Ministries Pastor Bill Dunfee and strip club owner Thomas George was signed by the city law director, the county prosecutor and the sheriff. Dunfee and men from the Warsaw church have protested outside the Foxhole North strip club in New Castle. The business has respo...More >>
    COSHOCTON, Ohio (AP) - Officials are pleading for a pastor and an Ohio strip club owner to stop weekly protesting of each other's establishments over a years-long feud. The Coshocton Tribune reports the letter to New Beginnings Ministries Pastor Bill Dunfee and strip club owner Thomas George was signed by the city law director, the county prosecutor and the sheriff. Dunfee and men from the Warsaw church have protested outside the Foxhole North strip club in New Castle. The business has respo...More >>
  • Ohio Supreme Court heads to northeastern Ohio

    Ohio Supreme Court heads to northeastern Ohio

    Sunday, September 14 2014 4:40 PM EDT2014-09-14 20:40:56 GMT
    The state Supreme Court will hear a set of cases in a northeastern Ohio high school as justices conduct one of their biannual off-site sessions.More >>
    The state Supreme Court will hear a set of cases in a northeastern Ohio high school as justices conduct one of their biannual off-site sessions.
    More >>
  • Pregnant woman fatally shot; newborn critical

    Pregnant woman fatally shot; newborn critical

    Sunday, September 14 2014 4:35 PM EDT2014-09-14 20:35:12 GMT
    PHILADELPHIA (AP) - Authorities in Philadelphia say a pregnant woman died after being hit by gunfire, and her newborn is in critical condition. Police say doctors were able to deliver the woman's full-term baby by cesarean section on Sunday. The mother did not survive. Police say the woman was shot in the face Sunday morning in the Frankford section of the city. Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.More >>
    PHILADELPHIA (AP) - Authorities in Philadelphia say a pregnant woman died after being hit by gunfire, and her newborn is in critical condition. Police say doctors were able to deliver the woman's full-term baby by cesarean section on Sunday. The mother did not survive. Police say the woman was shot in the face Sunday morning in the Frankford section of the city. Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.More >>
Powered by WorldNow
All content © Copyright 2000 - 2014 Worldnow and WFMJ. All Rights Reserved. For more information on this site, please read our Privacy Policy and Terms