Target Credit Card Breach: Senators Criticize Retailer for Not Acting on Warnings
Target's woes only seem to grow as the retailer is now facing major criticism from U.S. government officials about its failure to act on warning signals that could have prevented December's massive security breach that made off with an unprecedented amount of consumer personal records.
Chairman of the Senate Commerce Committee Senator John D. Rockefeller IV, Democrat of West Virginia, and Senator Richard Blumenthal, a Democrat from Connecticut, both vocalized their disapproval of Target's handling of last year's security breach Wednesday at a Senate hearing.
"The best technology in the world is useless unless there's good management," Mr. Blumenthal said. "And here, to be quite blunt, there were multiple warnings from the company's anti-intrusion software; they were missed by management."
Senator Rockefeller chimed in, stating that the Target breach "must be a clarion call to businesses, both large and small, that it's time to invest in some changes."
Target chief financial officer John J. Mulligan admitted mistakes were made, but that the No. 3 U.S. retailer was doing its best to make amends and prevent such a fiasco from happening in the future.
"We know this has shaken their confidence, and we intend to earn it back," Mr. Mulligan said of Target shoppers. "Like you, we are asking hard questions about whether we could have taken different actions before the breach was discovered that would have resulted in different outcomes."
Cyberthieves made off with the personal records of 110 million Target shoppers, making it the largest heist of retail data in history. A recent Bloomberg Businessweek report revealed that Target's security team in Bangalore actually spotted suspicious activity at the end of November, after the cybercriminals had collected data from the busy Black Friday shopping spree. The team forwarded their concerns to Target headquarters in Minneapolis, but no action was taken.
What the security team had spotted was over 100 million personal records, 40 million of them credit cards, being siphoned out of Target's internal systems, prompting many to cry out that the entire heist could have been stopped dead in its tracks.
"Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience," said Target chairman, president, and chief executive Gregg Steinhafel in an email statement after the Bloomberg Businessweek story broke.
"While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don't believe it's constructive to engage in speculation without the benefit of the final analysis."
Target has admitted that there's a possibility the data breach could be larger in scale than initially revealed.
The Target cyberheist has put cybercrime on the front page. Retailers Neiman Marcus and Michaels among many others have also recently been hit by losses of digital records, although none are as big as Target's. In light of the growing importance of cybersecurity, the U.S. government has become increasingly vocal about proper cybersecurity procedures.
A major area of concern for the U.S. government is how transparent firms are in the wake of a cybercrime, especially if it affects the public. The Obama administration released a 39-page plan outlining a Cybersecurity Framework in February.
"Businesses should be required to provide prompt notice to consumers in the wake of a breach. American consumers should know when they are at risk of identify theft or other harms because of a data security breach," Acting Assistant Attorney General Mythili Raman told the Senate Judiciary Committee hearing in early February.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!