Target Settles HVAC Data Breach for $18.5 Million

  May 25, 2017

By Greg Zimmerman

Target has settled its 2013 data breach for $18.5 million, which is just the tip of the iceberg of the $202 million the company says the breach cost. Hackers stole a reported 40 million credit card numbers in one of the biggest data breaches in history.

As you may remember, this breach was a result of stolen credentials from a third-party HVAC vendor. The hackers used the stolen credentials to break through from a “billing, contract submission, and project management” platform. But many in the industry immediately recognized that a similar attack could happen with credentials for a BAS or energy management system, especially if a third-party company is performing a remote monitoring service. Therefore, Target’s data breach has been a hot topic in our industry in terms of being aware of cybersecurity and what facility managers can do to prevent similar attacks.

Certainly, for many facility managers, cybersecurity isn’t exactly a core competency. But it must be something to be carefully considered — and there are plenty of resources out there, including stories in Building Operating Management.

Our cover story last summer looked specifically at BAS security and provided facility managers with much practical advice for security their systems.

Our editor, Edward Sullivan, penned an editorial last November urging facility managers to keep close eye on cybersecurity and how to partner with IT to do so. And his piece was a sort of introduction to a story we ran in the same issue providing advice on how to get started with cybersecurity when considering Internet of Things projects.

However facility managers work on cybersecurity, one thing is for sure: It can’t be something left to “the nerds in the computer room” anymore. It’s a categorical imperative, as Target’s cautionary tale shows.

This Quick Read was submitted by Greg Zimmerman, executive editor, Building Operating Management. Read his cover story profiling the University of Arizona’s Chris Kopach and his data initiatives.


Read next on FacilitiesNet