Senate investigators accused Target on Tuesday of making serious missteps that allowed hackers to steal millions of credit card numbers from its system.
Target “missed a number of opportunities”¦ to stop the attackers and prevent the massive data breach,” the Senate Commerce Committee aides wrote in a report.
The findings could expose Target to a lawsuit from the Federal Trade Commission, which has sued dozens of companies in recent years for failing to adequately protect customer data from hackers.
Molly Snyder, a Target spokeswoman, said the company’s investigation is ongoing.
“With the benefit of hindsight, we are investigating whether, if different judgments had been made the outcome may have been different,” she said.
The hackers stole credit card numbers for as many as 40 million Target customers between Nov. 27 and Dec. 15 of last year, according to the retailer. The hackers obtained other personal information such as names and addresses for another estimated 70 million customers.
The report comes ahead of Wednesday’s Senate Commerce Committee hearing which will feature testimony from John Mulligan, Target’s chief financial officer, and FTC Chairwoman Edith Ramirez.
The report details how the hackers breached Target’s system and identifies numerous points where Target could have prevent the theft of its customers’ data.
Target gave access to its network to a small Pennsylvania heating and air conditioning vendor, Fazio Mechanical Services, which had “weak security,” according to the report.
The hackers used malware to infiltrate the vendor and then used the vendor’s credentials to access Target’s system, the investors found. Even then, Target could have disrupted the hack if it responded to its internal alerts.
“Target appears to have failed to respond to multiple warnings from the company’s anti-intrusion software regarding the escape routes the attackers planned to use to exfiltrate data from Target’s network,” the Senate aides wrote.
In public financial filings, Target has acknowledged that it is under investigation by the FTC and state attorneys general over the breach.
Senate Commerce Committee Chairman Jay Rockefeller is pushing legislation that would expand the FTC’s ability to crack down on companies for inadequate data security. His bill, the Data Security and Breach Notification Act, would give the FTC the authority to set data security rules and the power to fine companies for violations.
The legislation would also set a national standard requiring companies to notify customers in the event of a breach.
“While Congress deserves its share of the blame for inaction, I am increasingly frustrated by industry’s disingenuous attempts at negotiations,” the West Virginia Democrat said in a statement. “It’s time for industry to work with us on legislation that reinforces the basic protections American consumers have a right to count on.”
- 1 Hillary Clinton Will Win the Nomination, But Then What?
- 2 Bernie Sanders Is a Loud, Stubborn Socialist. Republicans Like Him Anyway.
- 3 Why Gun Control Can’t Eliminate Gun Violence
- 4 As First Women Graduate Army Ranger School, Women Veterans in Congress Celebrate
- 5 The House Just Voted to Ban Internet Taxes — Forever
What We're Following See More »
Before we get to the specifics of this exposé about escorts working the Iowa and New Hampshire primary crowds, let’s get three things out of the way: 1.) It’s from Cosmopolitan; 2.) most of the women quoted use fake (if colorful) names; and 3.) again, it’s from Cosmopolitan. That said, here’s what we learned:
- Business was booming: one escort who says she typically gets two inquiries a weekend got 15 requests in the pre-primary weekend.
- Their primary season clientele is a bit older than normal—”40s through mid-60s, compared with mostly twentysomething regulars” and “they’ve clearly done this before.”
- They seemed more nervous than other clients, because “the stakes are higher when you’re working for a possible future president” but “all practiced impeccable manners.”
- One escort “typically enjoy[s] the company of Democrats more, just because I feel like our views line up a lot more.”
No matter where you stand on mandating companies to include a backdoor in encryption technologies, it doesn’t make sense to allow that decision to be made on a state level. “The problem with state-level legislation of this nature is that it manages to be both wildly impractical and entirely unenforceable,” writes Brian Barrett at Wired. There is a solution to this problem. “California Congressman Ted Lieu has introduced the ‘Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016,’ which we’ll call ENCRYPT. It’s a short, straightforward bill with a simple aim: to preempt states from attempting to implement their own anti-encryption policies at a state level.”
Much has been made of David Brooks’s recent New York Times column, in which confesses to missing already the civility and humanity of Barack Obama, compared to who might take his place. In NewYorker.com, Jeffrey Frank reminds us how critical such attributes are to foreign policy. “It’s hard to imagine Kennedy so casually referring to the leader of Russia as a gangster or a thug. For that matter, it’s hard to imagine any president comparing the Russian leader to Hitler [as] Hillary Clinton did at a private fund-raiser. … Kennedy, who always worried that miscalculation could lead to war, paid close attention to the language of diplomacy.”
The New Covenant. The Third Way. The Democratic Leadership Council style. Call it what you will, but whatever centrist triangulation Bill Clinton embraced in 1992, Hillary Clinton wants no part of it in 2016. Writing for Bloomberg, Sasha Issenberg and Margaret Talev explore how Hillary’s campaign has “diverged pointedly” from what made Bill so successful: “For Hillary to survive, Clintonism had to die.” Bill’s positions in 1992—from capital punishment to free trade—“represented a carefully calibrated diversion from the liberal orthodoxy of the previous decade.” But in New Hampshire, Hillary “worked to juggle nostalgia for past Clinton primary campaigns in the state with the fact that the Bill of 1992 or the Hillary of 2008 would likely be a marginal figure within today’s Democratic politics.”
At first, “it was pleasant” to see Trevor Noah “smiling away and deeply dimpling in the Stewart seat, the seat that had lately grown gray hairs,” writes The Atlantic‘s James Parker in assessing the new host of the once-indispensable Daily Show. But where Jon Stewart was a heavyweight, Noah is “a very able lightweight, [who] needs time too. But he won’t get any. As a culture, we’re not about to nurture this talent, to give it room to grow. Our patience was exhausted long ago, by some other guy. We’re going to pass judgment and move on. There’s a reason Simon Cowell is so rich. Impress us today or get thee hence. So it comes to this: It’s now or never, Trevor.”