Keith Srakocic, Associated Press
NEW YORK — The hackers who stole millions of credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.
Fazio Mechanical Services Inc., a contractor that does business with Target, issued a statement Thursday saying it was the victim of a "sophisticated cyberattack operation," just like Target. It said it is cooperating with the Secret Service and Target to figure out what happened.
The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target's computer systems.
The new details about the Target breach illustrate just how vulnerable big corporations have become as they expand and connect computer networks to offer greater convenience and increase productivity.
"Companies really have to look at the risks associated with that," said Ken Stasiak, CEO of SecureState, a Cleveland-based firm that investigates data breaches. Stasiak added that industry regulations require companies to separate corporate operations such as contracts and billing from the financial information of consumers.
Target has said it believes hackers gained access to its vast computer network through one of its vendors. Once inside, the hackers moved through the network and installed malicious software in the company's checkout system.
Experts believe the thieves gained access during the busy holiday season to about 40 million debit and credit card numbers and the personal information — including names, email addresses, phone numbers and home addresses — of as many as 70 million customers.
Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services, but wouldn't provide details. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment, citing the investigation.
Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, where Assistant U.S. Attorney Steve Schleicher, acting criminal division chief, would not discuss the investigation.
"Like Target, we are a victim of a sophisticated cyberattack operation," Ross Fazio, the company's president and owner, said in a statement.
Fazio Mechanical Services denied reports on blogs and other outlets that said the company remotely monitored heating, cooling and refrigeration for Target, which has about 1,800 stores nationwide. Ross Fazio said his company has an electronic connection with Target that it uses to submit bills and contract proposals.
In the weeks since Target disclosed the breach, banks, credit unions and other card companies have canceled and reissued cards, closed accounts and refunded credit card holders for transactions made with the stolen data. Target has said its customers won't be responsible for any losses.
AP reporter Joe Mandak reported from Pittsburgh.
- Gov. Gary Herbert to gather voter signatures
- Bishop public lands proposal unveiled,...
- Sarah Palin's oldest son arrested in domestic...
- IS acknowledges death of 'Jihadi John' in...
- Trump receives key endorsement from Sarah Palin
- Rio de Janeiro Olympics facing deep cuts...
- Cruz joined fight for gun rights as political...
- Tax season begins as IRS begins to accept...
- Interior Department halts new federal... 29
- Obama cites Americans' release as win... 23
- Trump receives key endorsement from... 23
- Utah GOP sues state again over... 22
- Bishop set to unveil 'Grand Bargain'... 20
- In tight race, Democrats debate passion... 16
- Cruz joined fight for gun rights as... 15
- Gov. Gary Herbert to gather voter... 12