The data breach resulted from Target’s failure to segregate systems handling payment card data from the rest of its network (Bertrand, 2014). The attackers gained access to the company’s network with a username and password stolen from Fazio Mechanical Services who provided refrigeration and HVAC systems for them. With just that information alone, the attackers were able to upload malware programs on Target’s Point of Sale (POS) systems.
Target allowed a third party access to its network, and then failed to properly secure that access. The attackers were able to reach the company’s payment systems through third-party credentials; which suggests that proper security was not implemented. Therefore, by segregating Target’s systems and not allowing all parties access to all components of its systems, Target can/could greatly reduce security breaches in the future.
Bertrand, N. (2014, October 20). Here's What Happened To Your Target Data That Was Hacked. Retrieved July 14, 2015.
Vijayan, J. (2014, February 6). Target breach happened because of a basic network segmentation error. Retrieved July 14, 2015.