The cybercriminals that stole the details of 40 million payment cards and the contact information of 70 million Target customers are said to have breached the retailer’s systems after stealing credentials from a vendor.
What we have known so far is that the attackers gained access to information on point-of-sale registers by planting a piece of malware. However, it hasn’t been known how the malware got there in the first place.
Target representatives have told The Wall Street Journal that the attackers had stolen credentials from a vendor and used the information to access the company’s systems.
The vendor has not been named and it’s uncertain how the hackers obtained the data. It’s also uncertain which of Target’s portals allowed them to gain access to payment systems.
WSJ has also reported that the retailer shut down a couple of its portals: a supplier’s database and a human resources website (eHR).