The HVAC contractor linked to the Target breach says the only data connection between the two companies was a billing system. ICS experts decry the security of bridges between IT and facilities systems. Fazio Mechanical Services is based in Sharpsburg, Pa., and specializes in supermarket refrigeration systems. Hackers were able to upload RAM scraping malware to point of sale systems and exfiltrate stolen payment card data via a server inside the Target firewall to the attackers remote server.
Source: https://threatpost.com/hvac-integrators-billing-connection-led-to-target-breach/104135/