Six years ago, a major U.S. retailer suffered one of the most famous data breaches in history. Attackers compromised the company’s retail point-of-sale (POS) system and remained embedded in it for over two weeks, siphoning credit card information that moved through the system during the busy holiday shopping period. When the dust settled, the investigation revealed that the breach affected 41 million consumers.

Incident investigators traced the root cause of the breach back to an unlikely source: An HVAC repair company that served as a contractor to the retailer and had VPN access to its network. An attacker managed to steal the password of an employee of the contractor and used that initial access to work his or her way into the network, install malware on the POS system and instruct it to collect customer information.

Published October 2019 in BizTech Magazine.
Read the full article: Don’t Be Victimized by a Supply Chain Attack