Dive Brief:
-
Target Corp. said Wednesday that it’s likely hackers were able to install theft malware by using one of its vendor’s credentials to access its systems, although it didn’t say which vendor.
-
The retailer had already revealed that several different cyber-platforms could have been accessed in order to infect its point-of-sale systems.
-
The company has put limits on access to many of its platforms as the investigation continues, amid pressure by politicians, consumers, and law enforcement to get to the bottom of the breach.
Dive Insight:
At least investigators are having some success in pinpointing the origins of the massive holiday breach of Target customers’ data. On the same day that U.S. Attorney General Eric H. Holder, Jr. announced his own investigation into the matter, the company revealed that the malware was likely sent via one of its vendor's systems, using the vendor's credentials to gain access. As officials dig further to find out what happened, the findings could have legal implications and will surely, at least, lead to knowledge about how to limit hackers’ access to retailers’ checkout systems, presumably both online and at point-of-sale checkouts.
