Topics:

Target breach: Heating vendor confirmed as hackers' entry point

Tools

Investigators are closer to pinning down the cause of Target's data breach. A Pennsylvania-based heating and refrigeration contractor that services Target (NYSE:TGT) stores confirmed it was "a victim of a sophisticated cyberattack operation," which could be how the hackers gained access to Target's systems.

Fazio Mechanical Services acknowledged it had access to Target's network for electronic billing and project management purposes, according to Ross Fazio, the company's owner. It is suspected thieves used Fazio's vendor credentials to access Target's network and upload their malware to cash registers. Only 25 registers were hacked, but up to 110 million cards were compromised during the attack, according to Target.

Fazio denied reports on blogs and other outlets that said the company remotely monitored heating, cooling and refrigeration for Target. 

U.S. Secret Service spokesman Brian Leary has confirmed an investigation into Fazio's business, but wouldn't provide details, reports USA Today. A Target spokeswoman declined to comment on the report.

For more:
-See this Krebs on Security article
-See this USA Today article

Related stories:
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them
Arrested pair thought to be Target hackers, NRF urges adoption of chip and PIN cards
Target invests $5 million in security education, offers free credit monitoring to customers for 1 year
Target data breach gets worse, 110 million shoppers at risk