Target Execs Had No Idea They Were Hacked Until the Government Told Them

Senators tangle over data-security regulations at hearing.

Customers check out at the cash register in a Target store on December 19, 2013 in Miami, Florida. Target announced that about 40 million credit and debit card accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between November 27 and December 15 may have been stolen.
National Journal
Brendan Sasso
See more stories about...
Brendan Sasso
Feb. 4, 2014, 7:18 a.m.

A Tar­get ex­ec­ut­ive test­i­fied on Tues­day that the com­pany was ob­li­vi­ous that hack­ers were steal­ing its cus­tom­ers’ in­form­a­tion un­til the gov­ern­ment in­formed the com­pany last month.

“Des­pite the sig­ni­fic­ant in­vest­ment and mul­tiple lay­ers of de­tec­tion that we had with­in our sys­tems, we did not [de­tect the breach],” John Mul­ligan, Tar­get’s ex­ec­ut­ive vice pres­id­ent and chief fin­an­cial of­ficer, said dur­ing a Sen­ate Ju­di­ciary Com­mit­tee hear­ing.

The Justice De­part­ment in­formed Tar­get of sus­pi­cious activ­ity in­volving its cus­tom­ers’ cred­it and deb­it cards on Dec. 12 last year. The com­pany wasn’t able to rid its sys­tems of the com­puter vir­us un­til Dec. 18, Mul­ligan said.

The breach af­fected as many as 110 mil­lion people who shopped at Tar­get between Nov. 27 and Dec. 18.

Mul­ligan test­i­fied that the hack­ers in­ser­ted a vir­us in­to the re­gisters in Tar­get stores. The vir­us, which went un­detec­ted by the com­pany’s vir­us-pro­tec­tion pro­grams, cap­tured pay­ment in­form­a­tion be­fore it could be en­cryp­ted in Tar­get’s sys­tem.

In ad­di­tion to cred­it- and deb­it-card num­bers, the hack­ers also cap­tured the names, mail­ing ad­dresses, phone num­bers, and email ad­dresses of mil­lions of cus­tom­ers. In some cases, the hack­ers were even able to ob­tain cus­tom­ers’ PIN num­bers, Mul­ligan said.

“I want to say how deeply sorry we are for the im­pact this in­cid­ent has had on our guests — your con­stitu­ents,” Mul­ligan said.

“We know this breach has shaken their con­fid­ence in Tar­get, and we are de­term­ined to work very hard to earn it back.”

He ar­gued that if cred­it- and deb­it-card com­pan­ies had used “Chip and PIN” tech­no­logy, it would have pro­tec­ted the cus­tom­er in­form­a­tion.

Mi­chael King­ston, seni­or vice pres­id­ent and chief in­form­a­tion of­ficer at Nei­man Mar­cus, said his com­pany real­ized that hack­ers had in­vaded its sys­tem on Jan. 2, and was able to get rid of the vir­us by Jan. 10. The breach may have af­fected about 1 mil­lion pay­ment cards, King­ston said.

Sev­er­al Demo­crats, in­clud­ing Ju­di­ciary Com­mit­tee Chair­man Patrick Leahy, have in­tro­duced bills that would em­power the gov­ern­ment to fine com­pan­ies that fail to im­ple­ment ad­equate pri­vacy and se­cur­ity safe­guards.

Sen. Charles Grass­ley, the rank­ing Re­pub­lic­an on the Ju­di­ciary Com­mit­tee, ar­gued that le­gis­la­tion should fo­cus only on vol­un­tary guidelines.

“In a world of crafty crim­in­als, it seems to me that one-size-fits-all ap­proach won’t work, or at least won’t work for every­body,” Grass­ley said. “In­stead, let’s see how the gov­ern­ment can part­ner with private busi­ness to strengthen data se­cur­ity.”

But Demo­crats em­phas­ized the im­port­ance of man­dat­ory se­cur­ity rules.

“Rights are not real un­less they are en­force­able,” said Sen. Richard Blu­menth­al, of Con­necti­c­ut.

What We're Following See More »
AT LEAST NOT YET
Paul Ryan Can’t Get Behind Trump
9 hours ago
THE LATEST

Paul Ryan told CNN today he's "not ready" to back Donald Trump at this time. "I'm not there right now," he said. Ryan said Trump needs to unify "all wings of the Republican Party and the conservative movement" and then run a campaign that will allow Americans to "have something that they're proud to support and proud to be a part of. And we've got a ways to go from here to there."

Source:
STAFF PICKS
Preet Bharara Learned at the Foot of Chuck Schumer
9 hours ago
WHY WE CARE

In The New Yorker, Jeffrey Toobin gives Preet Bharara, the U.S. Attorney for the Southern District of New York, the longread treatment. The scourge of corrupt New York pols, bad actors on Wall Street, and New York gang members, Bharara learned at the foot of Chuck Schumer, the famously limelight-hogging senator whom he served as a member of the Senate Judiciary Committee staff. No surprise then, that after President Obama appointed him, Bharara "brought a media-friendly approach to what has historically been a closed and guarded institution. In professional background, Bharara resembles his predecessors; in style, he’s very different. His personality reflects his dual life in New York’s political and legal firmament. A longtime prosecutor, he sometimes acts like a budding pol; his rhetoric leans more toward the wisecrack than toward the jeremiad. He expresses himself in the orderly paragraphs of a former high-school debater, but with deft comic timing and a gift for shtick."

Source:
DRUG OFFENDERS
Obama Commutes the Sentences of 58 Prisoners
9 hours ago
WHY WE CARE

President Obama has announced another round of commutations of prison sentences. Most of the 58 individuals named are incarcerated for possessions with intent to distribute controlled substances. The prisoners will be released between later this year and 2018.

STAFF PICKS
Trump Roadmapped His Candidacy in 2000
10 hours ago
WHY WE CARE

The Daily Beast has unearthed a piece that Donald Trump wrote for Gear magazine in 2000, which anticipates his 2016 sales pitch quite well. "Perhaps it's time for a dealmaker who can get the leaders of Congress to the table, forge consensus, and strike compromise," he writes. Oddly, he opens by defending his reputation as a womanizer: "The hypocrites argue that a man who loves and appreciates beautiful women (and does so legally and openly) shouldn't become a national leader? Is there something wrong with appreciating beautiful women? Don't we want people in public office who show signs of life?"

Source:
‘NO MORAL OR ETHICAL GROUNDING’
Sen. Murphy: Trump Shouldn’t Get Classified Briefigs
10 hours ago
THE LATEST
×