Inter, Intra, and ExtraMost large companies' computer networks are set up in multiple zones. The Internet zone holds customer-facing systems like company webpages, online shopping, and contact information. These systems should only deal with low security issues like presenting product information or mailing addresses. The Intranet zone is for internal use by employees. A company's trouble ticketing system or employee computer-based training terminals are connected to this zone. Extranet is the most complicated zone to manage and secure. This is where partner companies connect to your systems for more access than the internet zone can provide without having employee level access on an intranet user.
Extra, Extra, ExtraIn Target's case, Fazio Mechanical Services had access credentials to Target's systems to support billing and work contracts when Fazio was hired to perform work on the HVAC systems at Target stores in the Mid-Atlantic region.
And, no, as user of Target's extranet, Fazio's credentials should not have enabled them to upload to or in any way make contact with any part of Target's point of sale terminals.
Payment Card Industry (PCI) standards now come into play. Companies which submit credit card payments are not required to build a separate network for payment and non-payment activities. But outside users like contractors and vendors are required to use two-factor authentication to access a company's network.