Blog

How An HVAC Company Helped a Massive Target Hack

The Details Behind Stolen Target Data

targetBack in December, Target Corporation announced that their global chain of stores had fallen victim to a massive data hack: Between November 27th and December 15th, hackers stole information from around 40 million credit and debit cards and, like many other data breaches, many wondered how this was possible.

It turns out that an HVAC company helped make it happen.

Fazio Mechanical Services is a company based in Sharpsburg, Pennsylvania that specializes in heating, ventilation, and air conditioning. Fazio offers its HVAC services to a number of different stores including Trader Joe’s, BJ’s, Whole Foods, and Target; the company allegedly had access to the Target’s network so that it could track energy usage and diagnose any problems that may arise.

On November 15th, hackers stole Fazio’s username and password and were able to gain access to Target’s network, which housed the names, addresses, and email addresses of around 70 million people. They first tested their malware program on a few different registers and after it proved successful, the hackers implemented the software on Target’s Point of Sales (POS) systems. This software affected Targets all over the U.S., Russia, and Brazil.

According to The New York Times, this software was so thorough, it continued to show up on registers up to three days after the company thought it was removed.┬áIt’s estimated that Target could have lost up to $420 million because of this hack.

This just goes to show that cyber security is important. You never know when or how your data network could be breached.