Nation & World News

U.S. HVAC Firm Reportedly Linked To Target’s Data Security Breach

By Bill Chappell on February 5th, 2014

Hackers who broke into Target’s computer network and stole customers’ financial and personal data used credentials that were stolen from a heating and air conditioning subcontractor in Pennsylvania, according to digital security journalist Brian Krebs.

Target did not confirm Krebs’ version of events when he presented his story to the giant retailer, citing the ongoing inquiry into how credit card data was stolen. Krebs cites anonymous sources and a confirmation of a visit from federal officials to the HVAC company:

“Sources close to the investigation said the attackers first broke into the retailer’s network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.

“Fazio president Ross Fazio confirmed that the U.S. Secret Service visited his company’s offices in connection with the Target investigation, but said he was not present when the visit occurred.”

As for why an air conditioning company might need access to Target’s computer network, a security expert tells Krebs that retailers sometimes grant such access to let vendors make changes and adjustments remotely, in order to cut heating and cooling costs.

In tweets following publication of his story today, Krebs said it’s possible that Target’s customer information was segmented away from other areas of its network, to prevent unauthorized access to sensitive financial data — but the hackers figured out a way to get to that data.

In recent months, Target and Neiman Marcus have headlined a list of companies reporting data breaches. The stories have led Congress to look at how to prevent such incursions, as Elise Hu reported for NPR’s All Tech Considered earlier today.

Her story includes this quote from Sen. Al Franken, D-Minn.:

“Right now there’s no federal law setting out clear security standards that merchants and data brokers need to meet, and there’s no federal law requiring companies to tell their customers when their data has been stolen.”

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

This entry was posted in News from NPR. Bookmark the permalink.
  • Sandra P

    Are tickets being distributed today? The time, but not date, of distribution is written above.

 

More Stories in News from NPR

FIFA President Sepp Blatter attends a press conference in Jerusalem on May 19.

Amid Corruption Scandal, FIFA Will Hold Presidential Election

The Swiss Joseph “Sepp” Blatter, who has been FIFA’s chief since 1998, is expected to win despite the recent arrests of leading officials. The U.S., England and others said they won’t support Blatter.


Vanya Shivashankar, left, of Olathe, Kan., and Gokul Venkatachalam of Chesterfield, Mo., lift the trophy after becoming co-champions Thursday night after the final round of the 88th annual Scripps National Spelling Bee at National Harbor in Oxon Hills, Md.

National Spelling Bee Crowns Co-Champs For Second Straight Year

Gokul Venkatachalam and Vanya Shivashankar went back and forth so long the judges were running out of words. Told he needed one more correct spelling to forge a tie, Gokul needed nothing but the word.


Then-U.S. Rep. Dennis Hastert greets a supporter in Yorkville, Ill., in August 2007, after he announced that he would not seek another term in Congress. Hastert was indicted May 28 on charges of evading cash-withdrawal reporting requirements and lying to the FBI, in connection with what the indictment described as $3.5 million in hush money slowly taken out and paid to an unnamed individual.

Former House Speaker Hastert Indicted In Probe Into $3.5M In Withdrawals

The Illinois Republican is accused of taking the money out in chunks of less than $10,000 to evade reporting requirements, and of lying to the FBI about it.


FCC Chairman Wants To Help Low Income Americans Afford Broadband

Tom Wheeler proposes to reboot the Lifeline phone-access program. The plan recognizes that everyone needs to study, apply for jobs and make social connections online.


A return to Pussy Galore's golden days: Honor Blackman, who played the character on screen in Goldfinger, poses with the original Bond, Sean Connery.

‘Trigger Mortis': New Bond Novel Brings Back Pussy Galore

For author Anthony Horowitz, the book is a return to the “true” James Bond. This means an unpublished scene from Ian Fleming himself — and a long-delayed reunion with a franchise favorite.


Thank you for your support

WUFT depends on the support of our community — people like you — to help us continue to provide quality programming to North Central Florida.
Become a Sustainer
I want to support FM 89.1/NPR
I want to support Florida's 5/PBS
Donate a Vehicle
Underwriting Payments