MINNEAPOLIS (WCCO) — The cyber reporter who first broke the news about Target’s massive data breach says he now knows how the hackers got in.
An employee at an outside vendor was tricked into clicking on a malicious email. Once hackers gained access to the employee’s computer, they entered Target’s system where they were able to steal payment data.
In the cyber world, this is known as a phishing attack. And after stealing the data of 110 million Americans, it appears to be among the biggest catches of all time.
Evan Francen is president of FRSecure, a local information security management company. He says phishing is nothing new to the corporate world.
“We see it everywhere,” he said.
Cyber-security journalist Brian Krebs says that, in the case of Target, unnamed sources told him hackers sent a malware program via email to one of Target’s third-party vendors. Those vendors are often targeted by hackers.
“A lot of those vendors aren’t subject to risk assessments,” Francen said.
An employee at Fazio Mechanical, a company that installed refrigeration in some Target stores, fell for the trick. Fazio was only protected by a free anti-malware program, Krebs said.
Two months after that, Target was making headlines.
And if you thought the headline was startling, Krebs says this is just the beginning.
“There’s a lot more to come,” Francen said.
While security software can help to a point, experts say it’s ultimately up to workers to play detective.