WASHINGTON/NEW YORK (Reuters) - Congress turned up the heat on Target Corp on Thursday, summoning the company’s chief financial officer to testify at a Senate hearing, while Democrats on a House committee asked the No. 3 retailer to turn over a slew of documents related to its massive data breach.
The vast scope of the hacking into the networks of Minneapolis-based Target during the holiday shopping season has raised the stakes for data security discussion in Congress, with numerous lawmakers now weighing in.
John Mulligan, Target’s executive vice president and CFO, will speak to the Senate Judiciary Committee on February 4, in what likely will be the first time the retailer publicly answers questions about the unprecedented attack.
“We are continuing to work with elected officials to keep them informed and updated as our investigation continues,” Target spokeswoman Molly Snyder said in an email to Reuters.
Lawmakers have spent recent weeks calling for hearings, requesting information and floating legislation in the wake of a breach of Target’s networks that resulted in the theft of an estimated 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.
Representatives of the Federal Trade Commission, the Secret Service and the Department of Justice are also slated to testify at the Senate Judiciary hearing, according to the committee’s schedule.
The Secret Service and the Department of Justice are working with Target to investigate the breach, while FTC could investigate Target if the retailer is found to have improperly protected customer data.
Judiciary Committee Chairman Patrick Leahy had in the past authored a data security breach bill, which he re-introduced after the news of the Target case.
Target is also facing information inquiries from Democratic leaders in the Senate and the Republican-controlled House of Representatives.
On Thursday, Henry Waxman, the top Democrat on the House Energy and Commerce Committee, and two colleagues demanded from Target CEO Gregg Steinhafel a vast cache of documents related to the causes and impacts of the data breach, including emails, analyses and internal reports, to be provided ahead of a planned early-February hearing.
David Kennedy, CEO of TrustedSec LLC, a firm that helps companies respond to cyber attacks, termed the request “onerous and unprecedented,” even though lawmakers have said they would keep the information confidential.
“You just can’t basically say ‘give me everything you have related to your security program.’ This is crazy,” Kennedy said.
Last week, Senate Commerce Committee Chairman Jay Rockefeller and Claire McCaskill, who chairs the Commerce subcommittee on consumer protection, both Democrats, also wrote to Steinhafel, asking for a briefing on Target’s investigation and latest findings.
Rockefeller plans to introduce data security legislation, according to his staff. He had in the past authored such legislation.
A second data security bill currently on tap was re-introduced by Senate Homeland Security Committee Chairman Tom Carper, a Democrat, and Republican Senator Roy Blunt and has been referred to the Senate Banking Committee, aides said.
Democratic Senator Richard Blumenthal, who co-signed Leahy’s bill, has told Reuters he would discuss complementary legislation with other lawmakers.
Data security legislation, including any efforts to streamline the patchwork of state laws now guiding how and how fast consumers learn about data breaches, have in the past found little traction in Congress.
In other pending efforts, Senate Banking Committee leaders have said they plan their own hearing on data security, and Democratic lawmakers have called on the House Financial Services Committee’s Republican Chairman Jeb Hensarling for a hearing, too.
Separately, privately owned luxury retail chain Neiman Marcus has said it, too, was a victim of a cyber attack, and sources have told Reuters at least six other retail chains have been hacked.
In a post on Neiman’s website dated January 22, Chief Executive Officer Karen Katz said data tied to about 1.1 million customer payment cards could have been exposed as part of the breach from July 16 to October 30.
So far, about 2,400 payment cards used at Neiman Marcus’ various chains have been used fraudulently, Katz said, citing notification from credit card networks Visa Inc, MasterCard Inc and Discover Financial Services.
Reuters reported on Thursday that the FBI, in a confidential report, has warned retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target.
Reporting by Alina Selyukh, Dhanya Skariachan, Phil Wahba and Jim Finkle; Editing by Ros Krasny, Jonathan Oatis and Ken Wills