Target Execs Had No Idea They Were Hacked Until the Government Told Them

Senators tangle over data-security regulations at hearing.

Customers check out at the cash register in a Target store on December 19, 2013 in Miami, Florida. Target announced that about 40 million credit and debit card accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between November 27 and December 15 may have been stolen.
National Journal
Brendan Sasso
Add to Briefcase
Brendan Sasso
Feb. 4, 2014, 7:18 a.m.

A Tar­get ex­ec­ut­ive test­i­fied on Tues­day that the com­pany was ob­li­vi­ous that hack­ers were steal­ing its cus­tom­ers’ in­form­a­tion un­til the gov­ern­ment in­formed the com­pany last month.

“Des­pite the sig­ni­fic­ant in­vest­ment and mul­tiple lay­ers of de­tec­tion that we had with­in our sys­tems, we did not [de­tect the breach],” John Mul­ligan, Tar­get’s ex­ec­ut­ive vice pres­id­ent and chief fin­an­cial of­ficer, said dur­ing a Sen­ate Ju­di­ciary Com­mit­tee hear­ing.

The Justice De­part­ment in­formed Tar­get of sus­pi­cious activ­ity in­volving its cus­tom­ers’ cred­it and deb­it cards on Dec. 12 last year. The com­pany wasn’t able to rid its sys­tems of the com­puter vir­us un­til Dec. 18, Mul­ligan said.

The breach af­fected as many as 110 mil­lion people who shopped at Tar­get between Nov. 27 and Dec. 18.

Mul­ligan test­i­fied that the hack­ers in­ser­ted a vir­us in­to the re­gisters in Tar­get stores. The vir­us, which went un­detec­ted by the com­pany’s vir­us-pro­tec­tion pro­grams, cap­tured pay­ment in­form­a­tion be­fore it could be en­cryp­ted in Tar­get’s sys­tem.

In ad­di­tion to cred­it- and deb­it-card num­bers, the hack­ers also cap­tured the names, mail­ing ad­dresses, phone num­bers, and email ad­dresses of mil­lions of cus­tom­ers. In some cases, the hack­ers were even able to ob­tain cus­tom­ers’ PIN num­bers, Mul­ligan said.

“I want to say how deeply sorry we are for the im­pact this in­cid­ent has had on our guests — your con­stitu­ents,” Mul­ligan said.

“We know this breach has shaken their con­fid­ence in Tar­get, and we are de­term­ined to work very hard to earn it back.”

He ar­gued that if cred­it- and deb­it-card com­pan­ies had used “Chip and PIN” tech­no­logy, it would have pro­tec­ted the cus­tom­er in­form­a­tion.

Mi­chael King­ston, seni­or vice pres­id­ent and chief in­form­a­tion of­ficer at Nei­man Mar­cus, said his com­pany real­ized that hack­ers had in­vaded its sys­tem on Jan. 2, and was able to get rid of the vir­us by Jan. 10. The breach may have af­fected about 1 mil­lion pay­ment cards, King­ston said.

Sev­er­al Demo­crats, in­clud­ing Ju­di­ciary Com­mit­tee Chair­man Patrick Leahy, have in­tro­duced bills that would em­power the gov­ern­ment to fine com­pan­ies that fail to im­ple­ment ad­equate pri­vacy and se­cur­ity safe­guards.

Sen. Charles Grass­ley, the rank­ing Re­pub­lic­an on the Ju­di­ciary Com­mit­tee, ar­gued that le­gis­la­tion should fo­cus only on vol­un­tary guidelines.

“In a world of crafty crim­in­als, it seems to me that one-size-fits-all ap­proach won’t work, or at least won’t work for every­body,” Grass­ley said. “In­stead, let’s see how the gov­ern­ment can part­ner with private busi­ness to strengthen data se­cur­ity.”

But Demo­crats em­phas­ized the im­port­ance of man­dat­ory se­cur­ity rules.

“Rights are not real un­less they are en­force­able,” said Sen. Richard Blu­menth­al, of Con­necti­c­ut.

What We're Following See More »
APPEALS COURT RULED TRUMP EXCEEDED HIS AUTHORITY
Supreme Court Takes Up Trump Travel Ban
5 hours ago
THE LATEST

The Supreme Court announced "that it would consider a challenge to President Trump’s latest effort to limit travel from countries said to pose a threat to the nation’s security." The case concerns Trump's most recent attempt to make good on a campaign promise "tainted by religious animus" and only questionably justified by national security concerns. The decision to take the case, called Trump v. Hawaii, comes almost exactly a year after Trump issued the first travel ban. The ban under consideration affects Iran, Libya, Syria, Yemen, Somalia, Chad and North Korea.

Source:
FACES STIFF OPPOSITION FROM BOTH PARTIES
Trump Proposes 95 Percent Cut To Office of Drug Control Budget
8 hours ago
THE LATEST

Trump wants to move the two grants, the High Intensity Drug Trafficking Areas grant and the Drug Free Communities Act, to the Justice and Health and Human Services departments, respectively. This would result in a $300 million plus reduction in funding, about 95 percent of the cost of the Office of National Drug Control Policy. "'I’m baffled at the idea of cutting the office or reducing it significantly and taking away its programs in the middle of an epidemic,'" said Regina LaBelle, who served as ONDCP chief of staff during the Obama administration. This is the second time the Trump Administration has proposed gutting the agency.

Source:
HOPES A DEAL CAN GET DONE
Schumer Meeting with Trump for Last-Ditch Meeting
9 hours ago
THE LATEST
BLURRY LINE BETWEEN BUSINESS/PRESIDENCY
New CREW Report Identifies 500 Conflicts of Interest in Trump’s First Year
9 hours ago
THE DETAILS

A new report assembled by the watchdog group Citizens for Responsibility and Ethics in Washington has identified more than 500 potential conflicts of interest in President Trump's first year. First, the report notes, Trump spent 122 days at his properties during his first year. He has been accompanied by 70 federal officials and 30 members of Congress. "Second, far from this signaled access to power being an empty promise, those who patronize President Trump’s businesses have, in fact, gained access to the president and his inner circle." Lastly, about 40 special interest groups and 11 foreign governments have held events at Trump properties.

Source:
BY SCALISE
House Told to “Stay Flexible”
10 hours ago
THE DETAILS
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login