NEW YORK - A western Pennsylvania heating and refrigeration contractor that services Target (TGT) retail stores said it was the victim of a "sophisticated cyberattack operation" that may have allowed hackers to infiltrate Target's computer systems and steal millions of debit and credit card numbers.
Fazio Mechanical Services Inc., of Sharpsburg, Pa., issued the statement after Internet security bloggers identified it as the third-party vendor through which hackers accessed Target's computer systems. Target has said it believes hackers initially gained access to its vast computer network through one of its vendors. Once inside, the hackers moved through the retailer's network and eventually installed malicious software into the company's point-of-sale system.The series of hacks, experts believe, gave thieves access to some 40 million debit and credit card numbers, along with the personal information of another 70 million people.
U.S. Secret Service spokesman Brian
Leary confirmed that Fazio's business is being investigated, but wouldn't
Molly Snyder, spokeswoman for
Minneapolis-based Target, declined comment citing the ongoing investigation.
Federal prosecutors in Pittsburgh
referred calls to their counterparts in Minnesota, where Assistant U.S.
Attorney Steve Schleicher, acting criminal division chief, declined comment on
the Fazio link, in particular, and the overall investigation.
"Like Target, we are a victim of
a sophisticated cyberattack operation," Ross Fazio, the company's
president and owner, said in a statement. Fazio's company is cooperating with
the Secret Service and Target to identify the possible cause of the breach, he
Fazio Mechanical Services also denied
reports on blogs and other outlets that said the company remotely monitored
heating, cooling and refrigeration for Target, which has about 1,800 stores
Fazio's statement explained that his
company has an electronic connection with Target, which it uses to submit bills
and contract proposals.
Target has said hackers breached its
systems during the holiday shopping season and stole about 40 million debit and
credit card numbers and the personal information, including names, email
addresses, phone numbers and home addresses of as many as 70 million customers.
Banks, credit unions and other
entities that issued debit and credit cards have had to cancel and reissue
cards, close transactions or accounts, and refund or credit card holders for
transactions made with the stolen data.
Target has said its customers won't be responsible for any losses.