Security Magazine

Target Traces Security Breach to Stolen Vendor Credentials

January 30, 2014

An intruder stole a vendor's credentials that were then used to access Target's system and cause its massive security breach last year.

Speaking to the Wall Street Journal, spokeswoman Molly Snyder did not reveal how the credentials were stolen or which particular outlet was at fault, but she did say the particular portal now has limited access to its computer systems while the investigation continues, said ZNet. Target's systems are accessible from a number of outlets, ZNet says, and many different platforms could be at fault. For example, two systems -- a human resources website and supplier database -- had access restricted shortly after the attack was discovered, but Target said the hackers used a system which was not related to payment areas.

The cyberattack, taking place from November 2013, stole 40 million credit and debit card records from Target, as well as 70 million records containing information such as addresses and mobile numbers.