Report: Target hackers used stolen Pa. refrigeration vendor credentials


A bombshell revelation from a cyber-security website about how hackers got at Target's customers was released on Wednesday even as executives from the embattled retailer explained their practices to a congressional committee in a hearing on Capitol Hill.

The Pioneer Press quoted a post on KrebsOnSecurity website by Brian Krebs, who broke the story of the Target data breach in December. He said the hackers who snatched personal and financial information belonging to millions of Target shoppers gained access to the company's network using credentials stolen from a Pennsylvania refrigeration company that has worked at a number of Target locations.

MPR News also cited the Krebs report, noting that the initial breach had been traced to credentials stolen from a third party vendor, the heating and air conditioning company.

Fazio Mechanical Services is the refrigeration company named in Krebs' post. It lists two Target jobs on a company website -- one in Ohio, and the other in Maryland. President Ross Fazio reportedly told Krebs that the "U.S. Secret Service visited his company's offices in connection with the Target investigation."

Target announced the breach on Dec. 19, saying information from up to 40 million customers was stolen between Nov. 27 and Dec. 15. Target later acknowledged that additional information from up to 70 million customers was stolen in a separate breach.

Target CFO John Mulligan appeared before both Senate and House committees this week, testifying that Target is investing $100 million to improve security, including the adoption of updated chip-and-PIN technology.

Next Up