Did Ariba Cause the Target Credit Card Breach? No. [Plus+]

Over the past few days, the security and IT world has been abuzz with theories regarding exactly how the hackers who breached Target’s point-of-sale wall were able to steal credit card numbers from unsuspected shoppers. The latest provider with a finger pointed at it in speculative discussions is SAP / Ariba (Ariba, specifically). On his highly detailed blog, Brian Krebs reports the following based on what appears to be a phishing scheme that led to the Target breach: “…[It] appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation … investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio…” But is Ariba at fault? We argue no.

For full access to this Spend Matters Plus content: