The hackers responsible for last November’s massive breach at Target were able to access the company’s point-of-sale devices via an unrelated platform used by vendors, says ZDNet.com.
The news source reports that small firms may have been the weak link in the system:
Large firms usually have access to far more security-related resources than small vendors and firms that piggy-back on their systems—whether as part of a supply chain or as a provider of third-party software. As a result, cybercriminals are known to break in to smaller systems with less protection in order to access larger, more lucrative networks. In this case, Target’s networks were infiltrated through a third party, allowing the hackers to move through Target’s systems to steal valuable credit card information.
Now KrebOnSecurity is reporting that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Who would think that an HVAC company would pose a security risk? That’s news to me.
Considering campuses also manage numerous vendors, this story begs the question: What are you doing to manage your suppliers’ logical access credentials?
Related Articles:
- U.S. Credit Card Security a Target for Hackers
- U.S. Universities Face Millions of Cyber Attacks Weekly
- Cybercrime Report: Most Breaches Are Low-Tech
- Your Physical Access Control Cheat Sheet