Target's major data breach that took place over the holidays has been traced back to a malware email attack sent to employees at an HVAC firm which partnered with the retailer. The hack exposed credit card and personal data on more than 110 million consumers. Investigators have traced the breach back to network credentials that Target had given to Fazio Mechanical, a heating, air conditioning and refrigeration partner. Those credentials were stolen from a spam attack at Fazio.