More than 110 million Target customers had their credit-card information stolen because at least one employee of a heating and air-conditioning contractor succumbed to an email phishing scheme, cybersecurity blogger Brian Krebs reported Wednesday.
The revelation, if true, is the strongest indication yet of what went wrong since Krebs first exposed the massive heist of consumer financial data at the national retail giant late last year, a startling cyberattack that has prompted intense congressional inquiry. Neiman Marcus and other chains have also recently been victimized, though it is not believed that the perpetrators are the same.
Last week, Krebs reported that hackers infiltrated Target’s network by swiping the login credentials of Fazio Mechanical Services, a Pennsylvania-based contractor.
Now, anonymous sources tell Krebs that credentials “were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.” It appears that the culprits used a password-stealing bot known as Citadel to get the job done.
Fazio, in response to its sudden notoriety last week, sent out a statement explaining that it had been “the victim of a sophisticated cyberattack operation.” But Krebs notes that the company’s defense against malicious attacks was a free version of a somewhat impotent anti-malware program, which “is made explicitly for individual users and its license prohibits corporate use.”
Members of Congress are calling for a bill to create a national reporting standard for data breaches similar to the one that hit Target. Retailers and financial institutions would be required to notify government and consumers of breaches when they occur.
The new revelations arrive on a day when the White House rolled out a set of voluntary guidelines intended to help businesses defend themselves against hackers.