A Pennsylvania refrigeration, heating and air conditioning company that was linked to the massive Target data breach earlier this week confirmed it was also a victim of a "cyber attack."
Security blogger Brian Krebs called out Fazio Mechanical Services Inc. of Sharpsburg on Wednesday, saying the hackers who snatched personal and financial information belonging to millions of Target shoppers gained access to Target's network using credentials stolen from Fazio.
"Like Target, we are a victim of a sophisticated cyber attack operation," Ross Fazio, Fazio's president and owner, said in a written statement. "We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive initiatives that will further enhance the security of client/vendor connections making them less vulnerable to future breaches."
The subcontractor worked at a number of Target locations and other top retailers, according to Krebs. An anonymous cyber security expert told Krebs that it is common for large retail operations to have a team that monitors energy consumption and temperatures in stores. To do this, "vendors need to be able to remote into the system," the expert said.
However, Fazio said it does not perform remote monitoring or control heating, cooling and refrigeration systems for Target.
"Our data connection with Target was exclusively for electronic billing, contract submission and project management," Fazio said.
The company says no other customers have been affected by the breach.
The U.S. Secret Service has confirmed an investigation into Fazio, but wouldn't provide further details, the Associated Press reports. Minneapolis-based Target and the U.S. Attorney's Office also declined to comment.