WASHINGTON (Reuters) - Democratic lawmakers called on Monday for a congressional inquiry into the hacking of credit and debit card data of tens of millions of customers of No. 3 U.S. retailer Target Corp during the holiday shopping season.
The request to the Financial Services Committee of the U.S. House of Representatives piggybacks on a similar move by Senate Democrats on Friday. Target has said a breach of its networks resulted in the theft of about 40 million credit and debit card records and 70 million other records with customer information.
In a letter to Jeb Hensarling, the committee’s Republican chairman, 17 committee Democrats, led by ranking member Maxine Waters, asked for a “full Financial Services Committee hearing.”
The letter said a hearing should review current consumer protection laws and determine what could be done to ensure the future security of consumers’ card information.
“It is incumbent upon our Committee to explore whether industry data protection standards are appropriate, and examine whether heightened regulatory standards are needed to more effectively protect consumers,” the Democrats wrote.
Hensarling said in a statement on Monday night that “Americans have a right to expect that the personal information they turn over to private companies and government agencies will be protected and kept secure from loss, unauthorized access or misuse.”
“The House Financial Services Committee has held, and will continue to hold, hearings on the security of information collected by these agencies and financial institutions and will continue to press for accountability of all those who collect personal consumer data,” Hensarling added.
After the request from Senate Democrats last week, Senate Banking Committee leaders have confirmed they plan a hearing on data security issues in late January.
Although the hearings would allow for an airing of grievances and potentially bring Target officials to Washington for questioning about how the case has been handled, they would not necessarily result in taking any kind of action or in legislation.
A bill by Senate Judiciary Committee Chairman Patrick Leahy remains the only data security bill on tap for now.
The National Association of Federal Credit Unions sent letters on Monday to congressional leaders, demanding action on data security.
Target disclosed on December 19 that it was a victim of one of the biggest credit card breaches on record, which it said lasted for 19 days in the busy holiday shopping season through December 15.
Sources familiar with the investigation previously said that Target learned about the attack only after receiving warnings from financial industry sources who reported seeing a surge in fraudulent credit card activity from accounts of customers who had shopped at the retailer.
Another retailer, Neiman Marcus, disclosed on Friday that it was warned about a possible breach in mid-December and that an outside forensics firm confirmed a breach on January 1, saying it found evidence that some payment card data may have been compromised.
Connecticut, which is helping lead a coalition of more than 30 states investigating the Target data breach, said it was also looking into the Neiman Marcus matter. “To the extent that we become aware of breaches at other retailers, we will be looking into those as well,” a spokeswoman for the state attorney general’s office said.
New York and Illinois are also probing the Neiman Marcus breach, state officials said.
Target Chief Executive Gregg Steinhafel told CNBC TV on Monday in his first interview since the breach that “we’re going to get to the bottom of this. We’re not going to rest until we understand what happened and how that happened.
In the CNBC interview, Steinhafel said the company “confirmed” it had been victim of a breach on December 15, but he provided no account of what happened in preceding weeks.
The company is trying to woo back customers after sales dropped off at the end of the holiday season. Its campaign included full-page newspaper advertisements on Monday apologizing for the attack.
The Federal Trade Commission (FTC), the Securities and Exchange Commission and state attorneys general would potentially look into Target’s actions. The FTC does not confirm or deny the existence of ongoing investigations and would only get involved if Target is shown to have failed to protect customer data.
Target has said it is working in partnership with the Secret Service, the lead agency involved in the data breach case, and the Department of Justice, but did not comment on any FTC involvement.
Additional reporting by Rick Cowan in Washington, Dhanya Skariachan and Phil Wahba in New York, Ross Kerber and Jim Finkle in Boston, and Karen Freifeld in New York; Editing by Leslie Adler, Grant McCool, Peter Cooney and Eric Walsh