Brian Krebs Reports: "The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation."
Another good reason for organizations to insist that their business partners have effective security awareness training to prevent these kinds attacks. The plot thickens and Brian has the whole story here:
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/