By Mark Hosenball and Alina Selyukh
WASHINGTON Jan 13 Democratic lawmakers called
on Monday for a congressional inquiry into the hacking of credit
and debit card data of tens of millions of customers of No. 3
U.S. retailer Target Corp during the holiday shopping
The request to the Financial Services Committee of the U.S.
House of Representatives piggybacks on a similar move by Senate
Democrats on Friday. Target has said a breach of its networks
resulted in the theft of about 40 million credit and debit card
records and 70 million other records with customer information.
In a letter to Jeb Hensarling, the committee's Republican
chairman, 17 committee Democrats, led by ranking member Maxine
Waters, asked for a "full Financial Services Committee hearing."
The letter said a hearing should review current consumer
protection laws and determine what could be done to ensure the
future security of consumers' card information.
"It is incumbent upon our Committee to explore whether
industry data protection standards are appropriate, and examine
whether heightened regulatory standards are needed to more
effectively protect consumers," the Democrats wrote.
Hensarling said in a statement on Monday night that
"Americans have a right to expect that the personal information
they turn over to private companies and government agencies will
be protected and kept secure from loss, unauthorized access or
"The House Financial Services Committee has held, and will
continue to hold, hearings on the security of information
collected by these agencies and financial institutions and will
continue to press for accountability of all those who collect
personal consumer data," Hensarling added.
After the request from Senate Democrats last week, Senate
Banking Committee leaders have confirmed they plan a hearing on
data security issues in late January.
Although the hearings would allow for an airing of
grievances and potentially bring Target officials to Washington
for questioning about how the case has been handled, they would
not necessarily result in taking any kind of action or in
A bill by Senate Judiciary Committee Chairman Patrick Leahy
remains the only data security bill on tap for now.
The National Association of Federal Credit Unions sent
letters on Monday to congressional leaders, demanding action on
'GOING TO GET TO BOTTOM OF THIS'
Target disclosed on Dec. 19 that it was a victim of one of
the biggest credit card breaches on record, which it said lasted
for 19 days in the busy holiday shopping season through Dec. 15.
Sources familiar with the investigation previously said that
Target learned about the attack only after receiving warnings
from financial industry sources who reported seeing a surge in
fraudulent credit card activity from accounts of customers who
had shopped at the retailer.
Another retailer, Neiman Marcus, disclosed on Friday that it
was warned about a possible breach in mid-December and that an
outside forensics firm confirmed a breach on Jan. 1, saying it
found evidence that some payment card data may have been
Connecticut, which is helping lead a coalition of more than
30 states investigating the Target data breach, said it was also
looking into the Neiman Marcus matter. "To the extent that we
become aware of breaches at other retailers, we will be looking
into those as well," a spokeswoman for the state attorney
general's office said.
New York and Illinois are also probing the Neiman Marcus
breach, state officials said.
Target Chief Executive Gregg Steinhafel told CNBC TV on
Monday in his first interview since the breach that "we're going
to get to the bottom of this. We're not going to rest until we
understand what happened and how that happened."
In the CNBC interview, Steinhafel said the company
"confirmed" it had been victim of a breach on Dec. 15, but he
provided no account of what happened in preceding weeks.
The company is trying to woo back customers after sales
dropped off at the end of the holiday season. Its campaign
included full-page newspaper advertisements on Monday
apologizing for the attack.
The Federal Trade Commission (FTC), the Securities and
Exchange Commission and state attorneys general would
potentially look into Target's actions. The FTC does not confirm
or deny the existence of ongoing investigations and would only
get involved if Target is shown to have failed to protect
Target has said it is working in partnership with the Secret
Service, the lead agency involved in the data breach case, and
the Department of Justice, but did not comment on any FTC