Target Blamed by Senate, Sued by Banks for Data Breach

Share this content:
Target CFO John Mulligan
Target CFO John Mulligan

A contrite Target CFO John Mulligan quietly served as the whipping boy for the huge retailer during a hearing of the Senate Committee on Commerce, Science & Transportation yesterday, in which Chairman Jay Rockefeller (D-WV) and Sen. Ed Markey (D-MA) administered a tongue lashing.

“I think we can all agree that if Target—or any other company—is going to collect detailed information about its customers, they need to do everything possible to protect it from identity thieves. It is now well known that Target fell far short of doing this,” said Rockefeller. He then proclaimed that private companies like Target hold “vastly larger amounts” of sensitive personal data than does the government, “and they spend much less time and money protecting [it].”

In an opening statement in a hearing that also included FTC Chairwoman Edith Ramirez and University of Maryland (UMD) President Wallace Loh, Mulligan recounted how, on November 12 of last year, intruders falsely obtained credentials as Target-approved HVAC vendors and gained access to Target's point of sale network to install malware in it. Target had no knowledge of the breach, Mulligan said, until receiving an alert of spurious activity from the Justice Department on December 12 and meeting with government officials the next day. Details of the breach were not released to the public until six days later, which was too long a lapse in the opinion of Rockefeller and other committee members.

“Signals were missed by management,” said Sen. Richard Blumenthal (D-CT). “The notification of the breach happened well before there was notification to consumers. There's a question that arises in the minds of a lot of consumers: ‘Was there enough timely notification and what can be done to improve that pace in the future?'”

Markey questioned personnel selection in the data security department at Target headquarters. “To say that this is a surprise is just to say you're not keeping up,” Markey scolded. “Five or six of the smartest young geeks in your company should have been asked what to do. They have access to the technology."

After Loh testified that free credit reporting services for people involved in UMD's breach was extended from one to five years following complaints, Markey chided Mulligan for not doing the same. “So Target just offered one year?” exclaimed the senator. “My concern is the same as Dr. Loh's that one year is too brief a period of time.”

Mulligan provided an apology on Target's behalf. “Let me reiterate how deeply sorry we are for the impact this incident has had on our guests—your constituents,” he said. “We are asking hard questions about whether we could have taken different actions before the breach was discovered that would have resulted in different outcomes. In particular, we are focused on what information we had that could have alerted us to the breach earlier—whether we had the right personnel in the right positions and ensuring that decisions related to operational and security matters were sound. We are working diligently to answer these questions.”

All in all it's not been a good week for the big retailer. Earlier in the day, it was reported that banks affected by the customer credit card breach had filed a class action suit against Target and its corporate information security vendor Trustwave.

close

Next Article in Privacy

Sign up to our newsletters

Company of the Week

Brightcove is the world's leading video platform. The most innovative and respected brands confidently rely on Brightcove to solve their most demanding communication challenges because of the unmatched performance and flexibility of our platform, our global scale and reliability, and our award-winning service. With thousands of customers and an industry-leading suite of cloud video products, Brightcove enables customers to drive compelling business results.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above