Krebs on Security's Brian Krebs reports that the hackers who recently breached point of sale systems at Target first gained access to the company's network via login credentials stolen from HVAC systems provider Fazio Mechanical Services.
An anonymous cybersecurity expert at a large retailer told Krebs that Fazio could well have been given access to Target's network in order to monitor energy consumption and to alert managers if temperatures in stores fluctuated too widely.
"To support this solution, vendors need to be able to remote into the system in order to do maintenance (updates, patches, etc.) or to troubleshoot glitches and connectivity issues with the software," the expert told Krebs. "This feeds into the topic of cost savings, with so many solutions in a given organization."
Separately, Gartner analyst Avivah Litan told Krebs that Target could face losses of up to $420 million as a result of the breach.