You are using an older browser version. Please use a supported version for the best MSN experience.

Hackers had unprecedented access to Target stores in 2013 breach

International Business Times logo International Business Times 9/21/2015 Jeff Stone
UP NEXT
UP NEXT

The hackers responsible for the 2013 Target data breach that exposed payment information on 40 million customers had nothing to stop them from accessing every cash register in every Target store, according to new details from an investigation into the breach. Details from the confidential investigation, conducted by Verizon and obtained by cybersecurity journalist Brian Krebs, also seem to indicate hackers infiltrated Target’s systems by first accessing an air conditioning company that worked with the retail chain.

Target commissioned the investigation, which lasted from December 21, 2013 until March 1, 2014, “in anticipation of litigation” from banks and credit card companies that are expected to sue Target for the cost of sending out new cards to the millions of customers impacted by the breach.  Remarkably, Krebs reported, Target had “no controls limiting their access to any system, including devices within stores such as point of sale (POS) registers and server.”

Target admitted in January 2014 that hackers used malicious software, later traced to Russia, to break into its networks and access credit and debit card information directly from Target’s checkout lanes through the holiday shopping season. News of the breach diminished holiday sales, the company said, and Target eventually fired its CEO in connection with the breach.

Verizon investigators determined they could easily jump from the scale that operated a deli to a register in the same store. They could have used similar methodology to deploy malware against registers at each of the 1,800 Target stores in the U.S.

They also determined that the hackers entered Target’s networks by obtaining credentials from technicians at Fazio Mechanical, a small heating and air conditioning company that worked with Target. Fazio Mechanical was previously hacked with malware that was delivered by email.

Target hack© Provided by IBT US Target hack

AdChoices
AdChoices
AdChoices

More from International Business Times

International Business Times
International Business Times
image beaconimage beaconimage beacon