Target May Face Federal Suit Over Privacy Fumble

The FTC is probing the massive hack of credit card information.

Customers check out at the cash register in a Target store on December 19, 2013 in Miami, Florida. Target announced that about 40 million credit and debit card accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between November 27 and December 15 may have been stolen.
National Journal
Brendan Sasso
March 18, 2014, 12:48 p.m.

Tar­get could face fed­er­al charges for fail­ing to pro­tect its cus­tom­ers’ data from hack­ers.

The re­tail­er has been in con­tact with the Fed­er­al Trade Com­mis­sion, Molly Snyder, a Tar­get spokes­wo­man, told Na­tion­al Journ­al.

It’s un­clear wheth­er the FTC has is­sued any sub­poen­as or oth­er form­al de­mands for in­form­a­tion. The FTC de­clined to com­ment on wheth­er it has launched a form­al in­vest­ig­a­tion.

But former com­mis­sion of­fi­cials said the agency is al­most cer­tainly tak­ing a hard look at the in­cid­ent, which res­ul­ted in 40 mil­lion cred­it-card num­bers fall­ing in­to the hands of hack­ers.

“When you see a data breach of this size with clear harm to con­sumers, it’s clearly something that the FTC would be in­ter­ested in look­ing at,” said Jon Leibowitz, a former FTC chair­man who is now a part­ner at Dav­is Polk and Ward­well.

Dav­id Vladeck, a pro­fess­or at Geor­getown Law Cen­ter and a former head of the FTC’s Con­sumer Pro­tec­tion Bur­eau, said it “wouldn’t be sur­pris­ing” if the FTC is in­vest­ig­at­ing the case.

“This would be right in the FTC’s wheel­house,” he said. “It demon­strates why the FTC needs to be the cop on the beat here.”

Sen. Richard Blu­menth­al, a Con­necti­c­ut Demo­crat, urged the FTC to in­vest­ig­ate the Tar­get hack soon after it be­came pub­lic in Decem­ber.

“If Tar­get failed to ad­equately and ap­pro­pri­ately pro­tect its cus­tom­ers’ data, then the breach we saw this week was not just a breach of se­cur­ity; it was a breach of trust,” he wrote in a let­ter to the agency.

The former FTC of­fi­cials noted that just be­cause hack­ers man­aged to breach a com­pany’s sys­tem doesn’t mean the com­pany had in­ad­equate se­cur­ity prac­tices. Hack­ers are some­times able to pen­et­rate even the most se­cure sys­tems.

But re­cent re­ports have shown that Tar­get made a series of mis­steps lead­ing up to the hack. The com­pany gave a re­fri­ger­a­tion, heat­ing, and air-con­di­tion­ing sub­con­tract­or cre­den­tials to its sys­tem. The hack­ers stole those cre­den­tials from the vendor, and then they placed a vir­us in Tar­get’s re­gisters that al­lowed them to ob­tain pay­ment in­form­a­tion for every cred­it and deb­it card that was swiped.

On Nov. 30, a data-se­cur­ity firm hired by Tar­get aler­ted the com­pany about a pos­sible breach of its sys­tem, but the com­pany failed to act, ac­cord­ing to Bloomberg Busi­nes­s­week.

The FTC po­lices data se­cur­ity un­der its leg­al au­thor­ity over “un­fair” busi­ness prac­tices. Com­pan­ies have a re­spons­ib­il­ity to take “reas­on­able and ap­pro­pri­ate” steps to pro­tect the data they col­lect from con­sumers, ac­cord­ing to FTC law­yers.

The FTC has settled dozens of data-se­cur­ity cases in re­cent years with com­pan­ies in­clud­ing Twit­ter, Rite Aid, and CVS. But Wyndham, a glob­al hotel chain, is fight­ing charges that the FTC brought in 2012. The com­pany claims that the FTC’s leg­al power to go after com­pan­ies for “un­fair” prac­tices does not in­clude in­ad­equate data se­cur­ity.

A fed­er­al court in New Jer­sey is ex­pec­ted to rule on the case soon. If the court sides with Wyndham, it could strip the FTC of power to over­see data se­cur­ity.

But both Leibowitz and Vladeck said they ex­pect the agency to beat back the chal­lenge from Wyndham. If the FTC loses, Con­gress could step in to re­store the FTC’s power.

Con­gress is already con­sid­er­ing le­gis­la­tion that would ex­pand the FTC’s au­thor­ity to al­low it to fine com­pan­ies for in­ad­equate data se­cur­ity. Cur­rently, the agency can force a com­pany to change its prac­tices but can­not pun­ish com­pan­ies.

The former FTC of­fi­cials as well as Edith Ramirez, the cur­rent chair­wo­man of the FTC, ar­gue that Con­gress should give the agency fin­ing au­thor­ity for data se­cur­ity.

“We as a so­ci­ety ex­per­i­ence too many data breaches, and I think there’s an un­der-de­terrence in this field,” Vladeck said. “I think com­pan­ies need to get the mes­sage.”

What We're Following See More »
TAKING A LONG VIEW TO SOUTHERN STATES
In Dropout Speech, Santorum Endorses Rubio
3 days ago
THE DETAILS

As expected after earlier reports on Wednesday, Rick Santorum ended his presidential bid. But less expected: he threw his support to Marco Rubio. After noting he spoke with Rubio the day before for an hour, he said, “Someone who has a real understanding of the threat of ISIS, real understanding of the threat of fundamentalist Islam, and has experience, one of the things I wanted was someone who has experience in this area, and that’s why we decided to support Marco Rubio.” It doesn’t figure to help Rubio much in New Hampshire, but the Santorum nod could pay dividends down the road in southern states.

Source:
‘PITTING PEOPLE AGAINST EACH OTHER’
Rubio, Trump Question Obama’s Mosque Visit
3 days ago
WHY WE CARE

President Obama’s decision to visit a mosque in Baltimore today was never going to be completely uncontroversial. And Donald Trump and Marco Rubio proved it. “Maybe he feels comfortable there,” Trump told interviewer Greta van Susteren on Fox News. “There are a lot of places he can go, and he chose a mosque.” And in New Hampshire, Rubio said of Obama, “Always pitting people against each other. Always. Look at today – he gave a speech at a mosque. Oh, you know, basically implying that America is discriminating against Muslims.”

Source:
THE TIME IS NOW, TED
Cruz Must Max Out on Evangelical Support through Early March
3 days ago
WHY WE CARE

For Ted Cruz, a strong showing in New Hampshire would be nice, but not necessary. That’s because evangelical voters only make up 21% of the Granite State’s population. “But from the February 20 South Carolina primary through March 15, there are nine states (South Carolina, Alabama, Arkansas, Georgia, Oklahoma, Tennessee, Kentucky, Mississippi, and North Carolina) with an estimated white-Evangelical percentage of the GOP electorate over 60 percent, and another four (Texas, Kansas, Louisiana, and Missouri) that come in over 50 percent.” But after that, he better be in the catbird’s seat, because only four smaller states remain with evangelical voter majorities.

Source:
CHRISTIE, BUSH TRYING TO TAKE HIM DOWN
Rubio Now Winning the ‘Endorsement Primary’
3 days ago
WHY WE CARE

Since his strong third-place finish in Iowa, Marco Rubio has won endorsement by two sitting senators and two congressmen, putting him in the lead for the first time of FiveThirtyEight‘s Endorsement Tracker. “Some politicians had put early support behind Jeb Bush — he had led [their] list since August — but since January the only new endorsement he has received was from former presidential candidate Sen. Lindsey Graham.” Meanwhile, the New York Times reports that fueled by resentment, “members of the Bush and Christie campaigns have communicated about their mutual desire to halt … Rubio’s rise in the polls.”

Source:
7 REPUBLICANS ON STAGE
Carly Fiorina Will Not Be Allowed to Debate on Saturday
2 days ago
THE LATEST

ABC News has announced the criteria for Saturday’s Republican debate, and that means Carly Fiorina won’t be a part of it. The network is demanding candidates have “a top-three finish in Iowa, a top-six standing in an average of recent New Hampshire polls or a top-six placement in national polls in order for candidates to qualify.” And there will be no “happy hour” undercard debate this time. “So that means no Fiorina vs. Jim Gilmore showdown earlier in the evening for the most ardent of campaign 2016 junkies.

Source:
×