The Target hack that shook the American credit card industry and delivered up to 110 million customer records to the bad guys was reportedly successful thanks to a side-door left open by a Target contractor.
The hackers were able to get credentials for Target's network stolen from Fazio Mechanical Services, a heating, ventilation, and air conditioning (HVAC) company, according to independent security reporter Brian Krebs. They were first used to access Target's network on November 15, 2013.
Fazio President Ross Fazio told Krebs that the US Secret Service, which customarily investigates these kinds of cases, visited his company's offices in Sharpsburg, Penn., but that he wasn't there during the visit.
A fraud analyst with Gartner estimated to Krebs that Target could be forced to pay up to $420 million to cover costs associated with the breach, including noncompliance with credit card network standards, banks reissuing cards, legal fees, credit monitoring, and other costs. Those costs apparently don't include an upgrade to the more secure chip-and-pin credit cards and card readers.