Did This Target Vendor Play a Role in Its Large-Scale Security Breach?

Source: Kevin Dooley / Flickr

The investigation into Target’s (NYSE:TGT) high-profile security breach continues, and now sources say that the U.S. Secret Service is eyeing a refrigeration contractor based in Pennsylvania. Last week, in keeping with its promise to constantly update consumers on its investigation, Target said that it was looking into the possibility that the theft of a vendor’s credentials may have helped cyber criminals pull off the massive data breach that the retailer suffered during the holiday shopping season.

Though the Minneapolis-based company did not identify the vendor at the time, Reuters reported Wednesday that the Secret Service visited refrigeration contractor Fazio Mechanical Services this week to determine if it had a possible connection with Target’s security breach. Target is a client of Fazio’s, and law enforcement officials said they have found reason to believe that hackers stole login credentials from Fazio and may have used them to break into Target’s network.

According to Reuters, Fazio is the largest refrigeration contractor in the western Pennsylvania region, and it sells its refrigerators to Target. Investigators are not positive Fazio had a connection to Target’s breach, and it is still possible the hackers used other ways to break into Target’s network. However, security blogger Brian Krebs reported earlier on Wednesday that Fazio President Ross Fazio confirmed that the Secret Service had paid a visit to his company to determine whether it had a connection with the Target data theft.

Target spokeswoman Molly Snyder maintained in an email Wednesday to Reuters, “Because this continues to be an active and ongoing investigation we don’t have additional details to share at this time.”

As the Secret Service visited Fazio this week, executives from Target went to Washington to testify before the U.S. Senate Judiciary alongside representatives from Neiman Marcus, another retailer that was hit with a holiday season data breach. Earlier this month, Washington officials called on executives from both companies to appear before the Senate so they could better explain what occurred during the holiday season in order to determine a way to strengthen retailers’ security, ensure consumer safety, and guarantee that destructive hacks such as Target’s don’t continue to happen in the future.

Target Chief Financial Officer John Mulligan was under the spotlight Tuesday at the committee hearing, which is the first step in a series of congressional panels that have been planned. Mulligan made it clear that Target recognizes that the breach has led to a decline in consumer trust, but the CFO still asserted, “We will learn from this incident and, as a result, we hope to make Target, and our industry, more secure for customers in the future,” Reuters reports.

It’s now been almost two months since consumers learned of Target’s large-scale data breach that that resulted in the theft of about 40 million credit and debit card records, as well as 70 million other records with customer information, but the retailer is still navigating the turmoil and has done its part to keep consumers and investors informed. The Secret Service’s investigation into Fazio may serve to give the retailer some peace of mind, but is still unclear whether the Pennsylvania refrigeration contractor really had a connection.