Target Suffers Largest Retail Data Breach in U.S. History.
The Target Corp hackers managed to break into its payments network by first breaching a “data connection” between the U.S. retailer and its HVAC systems contractor. The data connection was used by the vendor, Fazio Mechanical Services, to bill Target and exchange contract and project management information with the retailer. Target, the third-largest U.S. retailer, has said the hackers stole about 40 million credit and debit card records, as well as personal information, such as addresses and phone numbers, belonging to about 70 million customers.
Many in the industry immediately recognized that a similar attack could happen with credentials for a BAS or energy management system, especially if a third-party company is performing a remote monitoring service.
November 15, 2013
70 million customers were affected. The total cost to Target for the attack, security upgrades, and lawsuits is estimated at $309M.