Target HVAC Vendor Provides Info On Connection To Data Breach

Earlier this week, it was revealed that the hackers behind the massive breach of Target’s in-store payment system were able to access the retailer’s network through one of its heating, cooling and ventilation vendors. That company is now providing more information about the attack.

“Like Target, we are a victim of a sophisticated cyber attack operation,” said a statement from the president and owner of Pennsylvania-based Fazio Mechanical Services. “We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive initiatives that will further enhance the security of client/vendor connections making them less vulnerable to future breaches.”

When the news broke that the hackers had reached Target’s payment network using stolen Fazio credentials, some theorized that the vendor may have had remote access to Target’s system for the purpose of monitoring in-store heating and cooling systems. However, the Fazio statement says this was not the case.

“Our data connection with Target was exclusively for electronic billing, contract submission and project management,” explains the company.

Fazio is also an HVAC vendor for a number of other major retailers, which has caused concern that those stores’ payment systems might have also been breached. However, Fazio states that “Target is the only customer for whom we manage these processes on a remote basis… No other customers have been affected by the breach.”