Target Execs Had No Idea They Were Hacked Until the Government Told Them

Senators tangle over data-security regulations at hearing.

Customers check out at the cash register in a Target store on December 19, 2013 in Miami, Florida. Target announced that about 40 million credit and debit card accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between November 27 and December 15 may have been stolen.
National Journal
Brendan Sasso
Add to Briefcase
See more stories about...
Brendan Sasso
Feb. 4, 2014, 7:18 a.m.

A Tar­get ex­ec­ut­ive test­i­fied on Tues­day that the com­pany was ob­li­vi­ous that hack­ers were steal­ing its cus­tom­ers’ in­form­a­tion un­til the gov­ern­ment in­formed the com­pany last month.

“Des­pite the sig­ni­fic­ant in­vest­ment and mul­tiple lay­ers of de­tec­tion that we had with­in our sys­tems, we did not [de­tect the breach],” John Mul­ligan, Tar­get’s ex­ec­ut­ive vice pres­id­ent and chief fin­an­cial of­ficer, said dur­ing a Sen­ate Ju­di­ciary Com­mit­tee hear­ing.

The Justice De­part­ment in­formed Tar­get of sus­pi­cious activ­ity in­volving its cus­tom­ers’ cred­it and deb­it cards on Dec. 12 last year. The com­pany wasn’t able to rid its sys­tems of the com­puter vir­us un­til Dec. 18, Mul­ligan said.

The breach af­fected as many as 110 mil­lion people who shopped at Tar­get between Nov. 27 and Dec. 18.

Mul­ligan test­i­fied that the hack­ers in­ser­ted a vir­us in­to the re­gisters in Tar­get stores. The vir­us, which went un­detec­ted by the com­pany’s vir­us-pro­tec­tion pro­grams, cap­tured pay­ment in­form­a­tion be­fore it could be en­cryp­ted in Tar­get’s sys­tem.

In ad­di­tion to cred­it- and deb­it-card num­bers, the hack­ers also cap­tured the names, mail­ing ad­dresses, phone num­bers, and email ad­dresses of mil­lions of cus­tom­ers. In some cases, the hack­ers were even able to ob­tain cus­tom­ers’ PIN num­bers, Mul­ligan said.

“I want to say how deeply sorry we are for the im­pact this in­cid­ent has had on our guests — your con­stitu­ents,” Mul­ligan said.

“We know this breach has shaken their con­fid­ence in Tar­get, and we are de­term­ined to work very hard to earn it back.”

He ar­gued that if cred­it- and deb­it-card com­pan­ies had used “Chip and PIN” tech­no­logy, it would have pro­tec­ted the cus­tom­er in­form­a­tion.

Mi­chael King­ston, seni­or vice pres­id­ent and chief in­form­a­tion of­ficer at Nei­man Mar­cus, said his com­pany real­ized that hack­ers had in­vaded its sys­tem on Jan. 2, and was able to get rid of the vir­us by Jan. 10. The breach may have af­fected about 1 mil­lion pay­ment cards, King­ston said.

Sev­er­al Demo­crats, in­clud­ing Ju­di­ciary Com­mit­tee Chair­man Patrick Leahy, have in­tro­duced bills that would em­power the gov­ern­ment to fine com­pan­ies that fail to im­ple­ment ad­equate pri­vacy and se­cur­ity safe­guards.

Sen. Charles Grass­ley, the rank­ing Re­pub­lic­an on the Ju­di­ciary Com­mit­tee, ar­gued that le­gis­la­tion should fo­cus only on vol­un­tary guidelines.

“In a world of crafty crim­in­als, it seems to me that one-size-fits-all ap­proach won’t work, or at least won’t work for every­body,” Grass­ley said. “In­stead, let’s see how the gov­ern­ment can part­ner with private busi­ness to strengthen data se­cur­ity.”

But Demo­crats em­phas­ized the im­port­ance of man­dat­ory se­cur­ity rules.

“Rights are not real un­less they are en­force­able,” said Sen. Richard Blu­menth­al, of Con­necti­c­ut.

What We're Following See More »
SHUTDOWN LOOMING
House Approves Spending Bill
14 hours ago
BREAKING

The House has completed it's business for 2016 by passing a spending bill which will keep the government funded through April 28. The final vote tally was 326-96. The bill's standing in the Senate is a bit tenuous at the moment, as a trio of Democratic Senators have pledged to block the bill unless coal miners get a permanent extension on retirement and health benefits. The government runs out of money on Friday night.

HEADS TO OBAMA
Senate Approves Defense Bill
15 hours ago
THE LATEST

The Senate passed the National Defense Authorization Act today, sending the $618 billion measure to President Obama. The president vetoed the defense authorization bill a year ago, but both houses could override his disapproval this time around.

Source:
ANTI-MINIMUM WAGE INCREASE
Trump Chooses Hardee’s/Carl’s Jr CEO as Labor Sec
17 hours ago
BREAKING
BUCKING THE BOSS?
Trump Cabinet Full of TPP Supporters
17 hours ago
WHY WE CARE

"President-elect Donald Trump railed against the Trans-Pacific Partnership on his way to winning the White House and has vowed immediately to withdraw the U.S. from the 12-nation accord. Several of his cabinet picks and other early nominees to top posts, however, have endorsed or spoken favorably about the trade pact, including Iowa Gov. Terry Branstad, announced Wednesday as Mr. Trump’s pick for ambassador to China, and retired Marine Gen. James Mattis, Mr. Trump’s pick to head the Department of Defense."

Source:
WWE WRESTLING OWNER
Trump to Nominate Linda McMahon to Head SBA
1 days ago
THE LATEST
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login