Fazio Mechanical Services, Inc. has confirmed reports that it is the company whose systems have been abused by cybercriminals in order to breach Target.
However, the heating, ventilation and air conditioning (HVAC) company says it does not perform remote monitoring of the systems installed at Target as suggested by some experts. Instead, the data connection between Fazio and Target was used “exclusively for electronic billing, contract submission and project management.”
Fazio President Ross E. Fazio has clarified that the retailer is the only customer with which it had such a data connection.
“No other customers have been affected by the breach,” Fazio said in a statement.
Furthermore, he says that all their IT and security systems are in “full compliance with industry practices.”
Because of the ongoing investigation, the company can’t provide any additional details, but says that it’s fully cooperating with Target and authorities to identify the causes of the breach.
In late January, Target representatives revealed that the cybercriminals stole credentials from a vendor in order to hack into their networks. However, at the time, no company was named. The fact that Fazio is the vendor in question has been brought to light by Brian Krebs.