U.S. HVAC Firm Reportedly Linked To Target's Data Security Breach | WAMU 88.5 - American University Radio

U.S. HVAC Firm Reportedly Linked To Target's Data Security Breach

Hackers who broke into Target's computer network and stole customers' financial and personal data used credentials that were stolen from a heating and air conditioning subcontractor in Pennsylvania, according to digital security journalist Brian Krebs.

Target did not confirm Krebs' version of events when he presented his story to the giant retailer, citing the ongoing inquiry into how credit card data was stolen. Krebs cites anonymous sources and a confirmation of a visit from federal officials to the HVAC company:

"Sources close to the investigation said the attackers first broke into the retailer's network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.

"Fazio president Ross Fazio confirmed that the U.S. Secret Service visited his company's offices in connection with the Target investigation, but said he was not present when the visit occurred."

As for why an air conditioning company might need access to Target's computer network, a security expert tells Krebs that retailers sometimes grant such access to let vendors make changes and adjustments remotely, in order to cut heating and cooling costs.

In tweets following publication of his story today, Krebs said it's possible that Target's customer information was segmented away from other areas of its network, to prevent unauthorized access to sensitive financial data — but the hackers figured out a way to get to that data.

In recent months, Target and Neiman Marcus have headlined a list of companies reporting data breaches. The stories have led Congress to look at how to prevent such incursions, as Elise Hu reported for NPR's All Tech Considered earlier today.

Her story includes this quote from Sen. Al Franken, D-Minn.:

"Right now there's no federal law setting out clear security standards that merchants and data brokers need to meet, and there's no federal law requiring companies to tell their customers when their data has been stolen."

Copyright 2014 NPR. To see more, visit http://www.npr.org/.
