Target Execs Had No Idea They Were Hacked Until the Government Told Them

Senators tangle over data-security regulations at hearing.

Customers check out at the cash register in a Target store on December 19, 2013 in Miami, Florida. Target announced that about 40 million credit and debit card accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between November 27 and December 15 may have been stolen.
National Journal
Brendan Sasso
See more stories about...
Brendan Sasso
Feb. 4, 2014, 7:18 a.m.

A Tar­get ex­ec­ut­ive test­i­fied on Tues­day that the com­pany was ob­li­vi­ous that hack­ers were steal­ing its cus­tom­ers’ in­form­a­tion un­til the gov­ern­ment in­formed the com­pany last month.

“Des­pite the sig­ni­fic­ant in­vest­ment and mul­tiple lay­ers of de­tec­tion that we had with­in our sys­tems, we did not [de­tect the breach],” John Mul­ligan, Tar­get’s ex­ec­ut­ive vice pres­id­ent and chief fin­an­cial of­ficer, said dur­ing a Sen­ate Ju­di­ciary Com­mit­tee hear­ing.

The Justice De­part­ment in­formed Tar­get of sus­pi­cious activ­ity in­volving its cus­tom­ers’ cred­it and deb­it cards on Dec. 12 last year. The com­pany wasn’t able to rid its sys­tems of the com­puter vir­us un­til Dec. 18, Mul­ligan said.

The breach af­fected as many as 110 mil­lion people who shopped at Tar­get between Nov. 27 and Dec. 18.

Mul­ligan test­i­fied that the hack­ers in­ser­ted a vir­us in­to the re­gisters in Tar­get stores. The vir­us, which went un­detec­ted by the com­pany’s vir­us-pro­tec­tion pro­grams, cap­tured pay­ment in­form­a­tion be­fore it could be en­cryp­ted in Tar­get’s sys­tem.

In ad­di­tion to cred­it- and deb­it-card num­bers, the hack­ers also cap­tured the names, mail­ing ad­dresses, phone num­bers, and email ad­dresses of mil­lions of cus­tom­ers. In some cases, the hack­ers were even able to ob­tain cus­tom­ers’ PIN num­bers, Mul­ligan said.

“I want to say how deeply sorry we are for the im­pact this in­cid­ent has had on our guests — your con­stitu­ents,” Mul­ligan said.

“We know this breach has shaken their con­fid­ence in Tar­get, and we are de­term­ined to work very hard to earn it back.”

He ar­gued that if cred­it- and deb­it-card com­pan­ies had used “Chip and PIN” tech­no­logy, it would have pro­tec­ted the cus­tom­er in­form­a­tion.

Mi­chael King­ston, seni­or vice pres­id­ent and chief in­form­a­tion of­ficer at Nei­man Mar­cus, said his com­pany real­ized that hack­ers had in­vaded its sys­tem on Jan. 2, and was able to get rid of the vir­us by Jan. 10. The breach may have af­fected about 1 mil­lion pay­ment cards, King­ston said.

Sev­er­al Demo­crats, in­clud­ing Ju­di­ciary Com­mit­tee Chair­man Patrick Leahy, have in­tro­duced bills that would em­power the gov­ern­ment to fine com­pan­ies that fail to im­ple­ment ad­equate pri­vacy and se­cur­ity safe­guards.

Sen. Charles Grass­ley, the rank­ing Re­pub­lic­an on the Ju­di­ciary Com­mit­tee, ar­gued that le­gis­la­tion should fo­cus only on vol­un­tary guidelines.

“In a world of crafty crim­in­als, it seems to me that one-size-fits-all ap­proach won’t work, or at least won’t work for every­body,” Grass­ley said. “In­stead, let’s see how the gov­ern­ment can part­ner with private busi­ness to strengthen data se­cur­ity.”

But Demo­crats em­phas­ized the im­port­ance of man­dat­ory se­cur­ity rules.

“Rights are not real un­less they are en­force­able,” said Sen. Richard Blu­menth­al, of Con­necti­c­ut.

What We're Following See More »
OTHER SECRETARIES AT FAULT, TOO
State Dept. Review Faults Clinton Email Management
27 minutes ago
THE LATEST

"A State Department audit has faulted Hillary Clinton and previous secretaries of state for poorly managing email and other computer information and slowly responding to new cybersecurity risks. ... It cites 'longstanding, systemic weaknesses' related to communications. These started before Clinton's appointment as secretary of state, but her failures were singled out as more serious."

Source:
CRUZ STILL TOOK DELEGATES AT THE CONVENTION
Trump Rolls in Washington Primary
44 minutes ago
THE LATEST

Donald Trump "was on course to win more than three-quarters of the vote in Washington's primary" last night. Ted Cruz's defunct candidacy still pulled about 10 percent. "Cruz dropped out of the race on May 3, but won 40 of the state's 41 delegates up for grabs at last weekend's state GOP convention."

Source:
MULTIPLE OFFICERS INJURED
Trump Rally Turns Violent in New Mexico
1 hours ago
WHY WE CARE

"What started as a calm protest outside Donald Trump’s rally Tuesday erupted into fiery violence as protesters jumped on police cars, smashed windows and fought with Trump supporters and police. Police faced such an angry crowd that they called in reinforcements from around the state, seeking to double their numbers to counter the protesters, whose numbers swelled beyond 600." Protesters threw rocks and bottles at police, who broke up several fights. 

Source:
‘LOTS OF MEETINGS’
Hill Dems Mull Dropping Wasserman Schultz
4 hours ago
THE DETAILS

Concerned that she's become too divisive, "Democrats on Capitol Hill are discussing whether Rep. Debbie Wasserman Schultz should step down as Democratic National Committee (DNC) chairwoman before the party’s national convention in July. ... Wasserman Schultz has had an increasingly acrimonious relationship with the party’s other presidential candidate, Bernie Sanders, and his supporters, who argue she has tilted the scales in Clinton’s favor." The money quote, from a Democratic senator who backs Clinton: “There have been a lot of meetings over the past 48 hours about what color plate do we deliver Debbie Wasserman Schultz’s head on." Meanwhile, Newsweek takes a look at why no one seems to like Wasserman Schultz.

Source:
PRESIDENT PLEDGES VETO
House Votes Today on Bill to Strip Budget Autonomy from DC
4 hours ago
THE LATEST

"The U.S. House of Representatives plans to vote Wednesday on a Republican bill that would block the District of Columbia from spending locally raised tax revenue without congressional approval, prompting President Obama to pledge to veto it. In issuing the veto threat on Tuesday, the Obama White House made one of the strongest statements to date in support of the District’s attempt to win financial independence from Congress."

Source:
×