By Alina Selyukh and Dhanya Skariachan
WASHINGTON/NEW YORK Jan 23 Congress turned up
the heat on Target Corp on Thursday, summoning the
company's chief financial officer to testify at a Senate
hearing, while Democrats on a House committee asked the No. 3
retailer to turn over a slew of documents related to its massive
The vast scope of the hacking into the networks of
Minneapolis-based Target during the holiday shopping season has
raised the stakes for data security discussion in Congress, with
numerous lawmakers now weighing in.
John Mulligan, Target's executive vice president and CFO,
will speak to the Senate Judiciary Committee on Feb. 4, in what
likely will be the first time the retailer publicly answers
questions about the unprecedented attack.
"We are continuing to work with elected officials to keep
them informed and updated as our investigation continues,"
Target spokeswoman Molly Snyder said in an email to Reuters.
Lawmakers have spent recent weeks calling for hearings,
requesting information and floating legislation in the wake of a
breach of Target's networks that resulted in the theft of an
estimated 40 million credit and debit card records and 70
million other records with customer information such as
addresses and telephone numbers.
Representatives of the Federal Trade Commission, the Secret
Service and the Department of Justice are also slated to testify
at the Senate Judiciary hearing, according to the committee's
The Secret Service and the Department of Justice are working
with Target to investigate the breach, while FTC could
investigate Target if the retailer is found to have improperly
protected customer data.
Judiciary Committee Chairman Patrick Leahy had in the past
authored a data security breach bill, which he re-introduced
after the news of the Target case.
Target is also facing information inquiries from Democratic
leaders in the Senate and the Republican-controlled House of
On Thursday, Henry Waxman, the top Democrat on the House
Energy and Commerce Committee, and two colleagues demanded from
Target CEO Gregg Steinhafel a vast cache of documents related to
the causes and impacts of the data breach, including emails,
analyses and internal reports, to be provided ahead of a planned
David Kennedy, CEO of TrustedSec LLC, a firm that helps
companies respond to cyber attacks, termed the request "onerous
and unprecedented," even though lawmakers have said they would
keep the information confidential.
"You just can't basically say 'give me everything you have
related to your security program.' This is crazy," Kennedy said.
Last week, Senate Commerce Committee Chairman Jay
Rockefeller and Claire McCaskill, who chairs the Commerce
subcommittee on consumer protection, both Democrats, also wrote
to Steinhafel, asking for a briefing on Target's investigation
and latest findings.
Rockefeller plans to introduce data security legislation,
according to his staff. He had in the past authored such
A second data security bill currently on tap was
re-introduced by Senate Homeland Security Committee Chairman Tom
Carper, a Democrat, and Republican Senator Roy Blunt and has
been referred to the Senate Banking Committee, aides said.
Democratic Senator Richard Blumenthal, who co-signed Leahy's
bill, has told Reuters he would discuss complementary
legislation with other lawmakers.
Data security legislation, including any efforts to
streamline the patchwork of state laws now guiding how and how
fast consumers learn about data breaches, have in the past found
little traction in Congress.
In other pending efforts, Senate Banking Committee leaders
have said they plan their own hearing on data security, and
Democratic lawmakers have called on the House Financial Services
Committee's Republican Chairman Jeb Hensarling for a hearing,
Separately, privately owned luxury retail chain Neiman
Marcus has said it, too, was a victim of a cyber attack, and
sources have told Reuters at least six other retail chains have
In a post on Neiman's website dated Jan. 22, Chief Executive
Officer Karen Katz said data tied to about 1.1 million customer
payment cards could have been exposed as part of the breach from
July 16 to Oct. 30. [ID: nL2N0KX1N2]
So far, about 2,400 payment cards used at Neiman Marcus'
various chains have been used fraudulently, Katz said, citing
notification from credit card networks Visa Inc,
MasterCard Inc and Discover Financial Services.
Reuters reported on Thursday that the FBI, in a confidential
report, has warned retailers to prepare for more cyber attacks
after discovering about 20 hacking cases in the past year that
involved the same kind of malicious software used against