Target Hack: What Happened?

Written by Sterling Gardner

March 3, 2022

In 2013, Target was the victim of a famous hacking incident. This month, we’re going to dive into what happened, why it happened, and what we learned from the incident. First, what exactly happened?

Hackers gained access to Target’s servers via a third-party HVAC contractor, Fazio Mechanical Services. The perpetrators stole credentials from FMS and proceeded to access Target’s payment systems (to which the HVAC company had open access). The hackers, with full access to Target’s systems, installed malware on a small number of point-of-sale machines in Target stores. After testing that the malware successfully harvested credit card information and personal data from the registers, the hackers pushed the malware to the vast majority of Target’s registers. All of this occurred between November 27th and December 13th, covering Black Friday and a large portion of the holiday shopping season.

Hackers walked away with 40 million credit card numbers and personal information of 70 million customers, right at the holidays.

The stolen information was traced and a portion was reportedly sent to a location in Russia, but most of the information was stored on other compromised systems. Portions of the data were found on servers belonging to businesses in Miami and Brazil. Often, these “drop locations” aren’t even aware that their systems are being used by hackers. (We call these systems “zombies.”)

The incident cost Target over $200 million, not to mention the cost to consumers who lost data. But what exactly did Target do wrong? Next week, we’ll talk about it. See you then.

Sign Up for Our Monthly Newsletter

Our monthly newsletters keep you up-to-date on the world of technology. Each month, we feature a letter from Charles, an article about current technology, and an introduction to one of our team members. Sign up below to receive them, free of charge or obligation, every month.

Fill out my online form.

Skip to content