Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

Senate Report: Target Could Have Prevented Massive Hack Senate Report: Target Could Have Prevented Massive Hack

This ad will end in seconds
 
Close X

Not a member? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation
 

 

Tech

Senate Report: Target Could Have Prevented Massive Hack

The retail giant could face a federal lawsuit.

Senate investigators accused Target on Tuesday of making serious missteps that allowed hackers to steal millions of credit card numbers from its system.

Target "missed a number of opportunities… to stop the attackers and prevent the massive data breach," the Senate Commerce Committee aides wrote in a report.

The findings could expose Target to a lawsuit from the Federal Trade Commission, which has sued dozens of companies in recent years for failing to adequately protect customer data from hackers.

 

Molly Snyder, a Target spokeswoman, said the company's investigation is ongoing.

"With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different," she said.

The hackers stole credit card numbers for as many as 40 million Target customers between Nov. 27 and Dec. 15 of last year, according to the retailer. The hackers obtained other personal information such as names and addresses for another estimated 70 million customers.

The report comes ahead of Wednesday's Senate Commerce Committee hearing which will feature testimony from John Mulligan, Target's chief financial officer, and FTC Chairwoman Edith Ramirez.

The report details how the hackers breached Target's system and identifies numerous points where Target could have prevent the theft of its customers' data.

Target gave access to its network to a small Pennsylvania heating and air conditioning vendor, Fazio Mechanical Services, which had "weak security," according to the report.

The hackers used malware to infiltrate the vendor and then used the vendor's credentials to access Target's system, the investors found. Even then, Target could have disrupted the hack if it responded to its internal alerts.

"Target appears to have failed to respond to multiple warnings from the company's anti-intrusion software regarding the escape routes the attackers planned to use to exfiltrate data from Target's network," the Senate aides wrote.

The report is largely based on the work of journalist Brian Krebs, a story in Bloomberg Businessweek and other news accounts of the breach. 

In public financial filings, Target has acknowledged that it is under investigation by the FTC and state attorneys general over the breach.

Senate Commerce Committee Chairman Jay Rockefeller is pushing legislation that would expand the FTC's ability to crack down on companies for inadequate data security. His bill, the Data Security and Breach Notification Act, would give the FTC the authority to set data security rules and the power to fine companies for violations.

The legislation would also set a national standard requiring companies to notify customers in the event of a breach.

"While Congress deserves its share of the blame for inaction, I am increasingly frustrated by industry's disingenuous attempts at negotiations," the West Virginia Democrat said in a statement. "It's time for industry to work with us on legislation that reinforces the basic protections American consumers have a right to count on."

LIKE THIS STORY? Sign up for Tech Edge

Sign up for our daily newsletter and stay on top of tech coverage.

Sign up form for Tech Edge
Job Board
Search Jobs
Digital and Content Manager, E4C
American Society of Civil Engineers | New York, NY
PRODUCT REVIEW ENGINEER
American Society of Civil Engineers | CA
Neighborhood Traffic Safety Services Intern
American Society of Civil Engineers | Bellevue, WA
United Technologies Research Fellow
American Society of Civil Engineers | New York, NY
Process Engineering Co-op
American Society of Civil Engineers | Conshohocken, PA
Electrical Engineer Co-op
American Society of Civil Engineers | Findlay, OH
Application Engineer/Developer INTERN - Complex Fluids
American Society of Civil Engineers | Brisbane, CA
Application Engineer - Internships CAE/CFD Metro Detroit
American Society of Civil Engineers | Livonia, MI
Chief Geoscientist
American Society of Civil Engineers
Application Engineer - Internships CAE/CFD Metro Boston
American Society of Civil Engineers | Burlington, MA
Professional Development Program Engineer
American Society of Civil Engineers | Farmington Hills, MI
Civil Enginering Intern - Water/Wastewater/Site-Development
American Society of Civil Engineers | Sacramento, CA
Staff Accountant
American Society of Civil Engineers | Englewood, CO
Biomedical Service Internship Position
American Society of Civil Engineers | Flint, MI
 
Comments
comments powered by Disqus