A Target executive testified on Tuesday that the company was oblivious that hackers were stealing its customers’ information until the government informed the company last month.
“Despite the significant investment and multiple layers of detection that we had within our systems, we did not [detect the breach],” John Mulligan, Target’s executive vice president and chief financial officer, said during a Senate Judiciary Committee hearing.
The Justice Department informed Target of suspicious activity involving its customers’ credit and debit cards on Dec. 12 last year. The company wasn’t able to rid its systems of the computer virus until Dec. 18, Mulligan said.
The breach affected as many as 110 million people who shopped at Target between Nov. 27 and Dec. 18.
Mulligan testified that the hackers inserted a virus into the registers in Target stores. The virus, which went undetected by the company’s virus-protection programs, captured payment information before it could be encrypted in Target’s system.
In addition to credit- and debit-card numbers, the hackers also captured the names, mailing addresses, phone numbers, and email addresses of millions of customers. In some cases, the hackers were even able to obtain customers’ PIN numbers, Mulligan said.
“I want to say how deeply sorry we are for the impact this incident has had on our guests — your constituents,” Mulligan said.
“We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.”
He argued that if credit- and debit-card companies had used “Chip and PIN” technology, it would have protected the customer information.
Michael Kingston, senior vice president and chief information officer at Neiman Marcus, said his company realized that hackers had invaded its system on Jan. 2, and was able to get rid of the virus by Jan. 10. The breach may have affected about 1 million payment cards, Kingston said.
Several Democrats, including Judiciary Committee Chairman Patrick Leahy, have introduced bills that would empower the government to fine companies that fail to implement adequate privacy and security safeguards.
Sen. Charles Grassley, the ranking Republican on the Judiciary Committee, argued that legislation should focus only on voluntary guidelines.
“In a world of crafty criminals, it seems to me that one-size-fits-all approach won’t work, or at least won’t work for everybody,” Grassley said. “Instead, let’s see how the government can partner with private business to strengthen data security.”
But Democrats emphasized the importance of mandatory security rules.
“Rights are not real unless they are enforceable,” said Sen. Richard Blumenthal, of Connecticut.
What We're Following See More »
The Supreme Court announced "that it would consider a challenge to President Trump’s latest effort to limit travel from countries said to pose a threat to the nation’s security." The case concerns Trump's most recent attempt to make good on a campaign promise "tainted by religious animus" and only questionably justified by national security concerns. The decision to take the case, called Trump v. Hawaii, comes almost exactly a year after Trump issued the first travel ban. The ban under consideration affects Iran, Libya, Syria, Yemen, Somalia, Chad and North Korea.
Trump wants to move the two grants, the High Intensity Drug Trafficking Areas grant and the Drug Free Communities Act, to the Justice and Health and Human Services departments, respectively. This would result in a $300 million plus reduction in funding, about 95 percent of the cost of the Office of National Drug Control Policy. "'I’m baffled at the idea of cutting the office or reducing it significantly and taking away its programs in the middle of an epidemic,'" said Regina LaBelle, who served as ONDCP chief of staff during the Obama administration. This is the second time the Trump Administration has proposed gutting the agency.
A new report assembled by the watchdog group Citizens for Responsibility and Ethics in Washington has identified more than 500 potential conflicts of interest in President Trump's first year. First, the report notes, Trump spent 122 days at his properties during his first year. He has been accompanied by 70 federal officials and 30 members of Congress. "Second, far from this signaled access to power being an empty promise, those who patronize President Trump’s businesses have, in fact, gained access to the president and his inner circle." Lastly, about 40 special interest groups and 11 foreign governments have held events at Trump properties.