The hackers who stole millions of customers' credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.
Fazio Mechanical Services Inc., a contractor that does business with Target, said in a statement Thursday it was the victim of a "sophisticated cyber-attack operation," just as Target was. It said it is cooperating with the Secret Service and Target to figure out what happened.
The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target's computer systems.
Target has said it believes hackers gained access to its vast computer network through one of its vendors. Once inside, the hackers installed malicious software in Target's checkout system for its estimated 1,800 U.S. stores.
Experts believe the thieves gained access during the busy holiday season to about 40 million debit and credit card numbers and the personal information -- including names, email addresses, phone numbers and home addresses -- of as many as 70 million customers.
Fazio said it uses its electronic connection with Target to submit bills and contract proposals. The new details illustrate what can go wrong with the far-flung computer networks that big companies increasingly rely on.
"Companies really have to look at the risks associated with that," said Ken Stasiak, CEO of SecureState, a Cleveland firm that investigates data breaches.
Secret Service spokesman Brian Leary confirmed investigators are looking into the attack at Fazio. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment.