Target Suffers Largest Retail Data Breach in U.S. History.

September 29, 2022


The Target Corp hackers managed to break into its payments network by first breaching a “data connection” between the U.S. retailer and its HVAC systems contractor. The data connection was used by the vendor, Fazio Mechanical Services, to bill Target and exchange contract and project management information with the retailer. Target, the third-largest U.S. retailer, has said the hackers stole about 40 million credit and debit card records, as well as personal information, such as addresses and phone numbers, belonging to about 70 million customers.

Many in the industry immediately recognized that a similar attack could happen with credentials for a BAS or energy management system, especially if a third-party company is performing a remote monitoring service.

Incident Date

November 15, 2013

Estimated Cost

70 million customers were affected. The total cost to Target for the attack, security upgrades, and lawsuits is estimated at $309M.


No victims identified

Type of Malware

No Malware identified

Threat Source

No threat source identified