Hackers gained access to Target’s computer system and stole financial and personal data of 110 million shoppers by tricking an employee at an outside vendor into clicking on a malicious email, according to a report Wednesday by security blogger Brian Krebs.
An employee at Fazio Mechanical, a Sharpsburg, Pa.-based heating, ventilation and air-conditioning company with access to Target’s network, fell for a “spear phishing” attack, in which hackers send malware-laced emails that appear to come from trusted sources to take over victims’ computers, according to Krebs, who cited sources close to the investigation.
Once hackers gained access to the employee’s computer, they could enter Target’s system and steal the retailer’s payment card data, Krebs wrote. Fazio was reported last week to be the possible conduit through which hackers accessed Target’s network, but the details of how the attack may have occurred are new.
Click here to read more.