WASHINGTON Feb 4 A senior official at Target
Corp told U.S. lawmakers on Tuesday the retailer was
"deeply sorry" for the massive data breach it suffered over the
holiday shopping period, and said it was determined to win back
In prepared testimony for his appearance before a U.S.
Senate Judiciary Committee hearing probing the data breaches,
John Mulligan, Target chief financial officer and executive vice
president, said the cyber attack "has only strengthened our
"We will learn from this incident and, as a result, we hope
to make Target, and our industry, more secure for customers in
the future," he said.
The committee hearing is one of a series of congressional
panels this week in response to the Target breach and other
Target, the no. 3 U.S. retailer, disclosed on Dec. 19 that
it was a victim of one of the biggest credit card breaches on
record. Mulligan said it affected customers who shopped at the
company's U.S. stores from Nov. 27 through Dec. 18.
Some 40 million credit and debit card records were stolen
from the retailer, along with 70 million other records with
customer information such as addresses and telephone numbers.
"I want to say how deeply sorry we are for the impact this
incident has had on our guests - your constituents," Mulligan
told the committee in his prepared remarks. "We know this breach
has shaken their confidence in Target, and we are determined to
work very hard to earn it back."
Mulligan said the retailer started its investigation of the
breach on Dec. 12 after being notified by the Justice Department
of suspicious activity involving payment cards used at Target
On Dec. 15, Target confirmed that criminals had infiltrated
its system through the use of malware, and had potentially
stolen payment card data, Mulligan said. On the same day, Target
removed the malware from virtually all its U.S. sales registers.
"We now know that the intruder stole a vendor's credentials
to access our system and place malware on our point-of-sale
registers. The malware was designed to capture payment card data
from the magnetic strip of credit and debit cards prior to
encryption within our system," Mulligan said.
He added that the company's investigation later found that
the malware also captured some encrypted data for personal
identification, or PIN, numbers.
Mulligan said the company had taken a number of steps since
the breach to strengthen its security, including a review of its
entire network, increased fraud detection for its Target REDcare
holders and accelerated investment in chip technology for its
In an opinion piece on the Hill newspaper on Monday,
Mulligan wrote that Target now hoped to implement its $100
million chip-enabled smart-card program by early 2015, more than
six months ahead of its previous schedule.
The enhanced smart cards contain tiny microprocessor chips
that encrypt personal data shared with sales terminals used by
merchants. Stolen smart-card numbers would be useless without
Also scheduled to appear at the hearing on Tuesday is Neiman
Marcus Group Senior Vice President Michael Kingston.
The Dallas-based luxury retailer has disclosed a data breach
that compromised data from about 1.1 million cards.