Report: Target hackers used HVAC-service company’s credentials
Minneapolis – The hackers responsible for the recent Target data breach reportedly gained initial access to the retailer’s network using credentials stolen from a heating, ventilation and air conditioning (HVAC) vendor. According to the New York Times, the hackers, using the vendor’s access, were able to break into Target’s network and from there were able to compromise a server storing the personal data of 70 million customers, as well as in-store POS systems that allowed access to 40 million credit and debit card numbers.
In related news, Reuters reported the U.S. Secret Service visited refrigeration contractor Fazio Mechanical Services, Sharpsburg, Pa., this week to determine its possible connection with Target’s security breach. Target is a client of Fazio’s, and law enforcement officials suspect that hackers stole login credentials from Fazio and may have used them to break into Target’s network. Security blogger Brian Krebs reported that Fazio president Ross Fazio had confirmed the visit by the Secret Service in connection with the Target probe.
Target did not comment on the report.
Security specialists confirmed for the Times that Target’s HVAC system, similar to many other retailers’ systems, is connected to the Internet, but it is not currently clear whether Target required the HVAC vendor to use a second, temporary password in addition to the credentials or if Target’s vendors connect to its network via virtual private network (VPN), which is more secure than direct access. Target passed a security audit in November 2013, the same month when the breach initially occurred.
Read an Expert Opinion on the subject by Dwayne Melancon, chief technology officer, Tripwire.
Kohl’s Q4 same-store sales decline, lowers guidance
Menomonee Falls, Wis. – Kohl’s Corp on Thursday lowered its profit forecast for the fourth quarter after the retailer reported a 2% decrease in same-store sales in January.
Combined November and December same-store sales rose 0.8%, but the company said January sales were significantly lower than planned as a result of lower traffic and low levels of clearance merchandise.
Unanticipated expenses in servicing Kohl’s e-commerce business led to higher than expected costs for the quarter. As a result of these expenses, Kohl’s is lowering its fourth quarter diluted earnings per share estimates from $1.59 to $1.74 to approximately $1.53. Fiscal 2013 diluted earnings per share are now expected to be approximately $4.03, compared to previous guidance of $4.08 to $4.23.
Kohl’s will release its detailed report on the fourth quarter and full year as scheduled on Feb. 27, 2014.
Costco tops estimates as January same-store sales rise 4%
Issaquah, Wash. — Costco Wholesale Club’s same-store sales rose 4% in January, topping analysts’ expectations. The metric rose 5% in the United States, and was 1% internationally.
Removing the impact of lower gas prices and foreign currency fluctuations, same-store sales were up 6%, rising 5% in the United States and 8% overseas.
For the 22 weeks ended Feb. 2, Costco reported net sales of $46.3 billion, representing a similar increase of 6% versus the year-ago period.
The company plans to release its operating results for the second quarter on Thursday, March 6.
Costco currently operates 649 warehouses, including 462 in the United States and Puerto Rico, 87 in Canada, 33 in Mexico, 25 in the United Kingdom, 18 in Japan, 10 in Taiwan, nine in Korea and five in Australia. Costco also operates e-commerce sites in the U.S., Canada, the United Kingdom and Mexico.