Target Breach Highlights Need for Vendor Credential Management on Campus

An investigation into Target’s massive data breach last year indicates that hackers were able to access the company’s system via stolen vendor credentials.

The hackers responsible for last November’s massive breach at Target were able to access the company’s point-of-sale devices via an unrelated platform used by vendors, says

The news source reports that small firms may have been the weak link in the system:

Large firms usually have access to far more security-related resources than small vendors and firms that piggy-back on their systems—whether as part of a supply chain or as a provider of third-party software. As a result, cybercriminals are known to break in to smaller systems with less protection in order to access larger, more lucrative networks. In this case, Target’s networks were infiltrated through a third party, allowing the hackers to move through Target’s systems to steal valuable credit card information.

Now KrebOnSecurity is reporting that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Who would think that an HVAC company would pose a security risk? That’s news to me.

Considering campuses also manage numerous vendors, this story begs the question: What are you doing to manage your suppliers’ logical access credentials?

Related Articles:


If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

robin hattersley headshot

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo