By Mark Hosenball and Ros Krasny
WASHINGTON, Jan 14 (Reuters) - Two U.S. senators were seeking answers on Tuesday from the chief executive of Target Corp about the company’s response to the hacking of credit and debit cards of millions of its customers during the holiday shopping season.
“We ask that Target’s information-security officials provide a briefing to committee staff regarding your company’s investigation and latest findings,” said John Rockefeller, chairman of the Senate Commerce Committee, and Claire McCaskill, who heads a Commerce subcommittee on consumer protection.
The Democratic senators’ Jan. 10 letter to Target CEO Gregg Steinhafel was released on Tuesday, the latest in a growing chorus of calls by lawmakers and others for inquiries into the hacking of the No. 3 U.S. retailer.
“We have received the chairmen’s letter and are continuing to work with them and other elected officials to keep them informed and updated as our investigation continues,” Target spokeswoman Molly Snyder said in an email to Reuters.
Shortly afterwards, the top Democrat on the House Oversight and Government Reform Committee sought a hearing on the theft of about 40 million credit and debit card records and 70 million other records containing customer information.
Representative Elijah Cummings said the committee’s focus since October has been investigating the security of the federal government’s health insurance website, HealthCare.gov, which has not been breached.
He urged the committee chairman, Republican Darrell Issa, who made a fortune as head of a company that makes car alarms and other automotive security devices, to turn his attention to Target.
“In addition to serving the interests of millions of American consumers affected by this breach, I believe the committee could learn from these witnesses about their failures, successes and best practices in order to better secure our federal information technology systems,” Cummings wrote.
An aide to Issa told Reuters the committee was likely to “do some follow up” on the Target issue.
Target disclosed on Dec. 19 that it was a victim of one of the biggest credit card breaches on record, which it said lasted for 19 days in the busy holiday shopping season through Dec. 15.
The company on Monday apologized for the breach.
“It has been three weeks since the data breach was discovered, and new information continues to come out,” Rockefeller and McCaskill wrote. “We expect that your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the Committee with detailed information.”
The Target hacking shows the need for federal legislation on commercial data practices, the senators said.
Democratic lawmakers sought a congressional hearing on Monday from the Financial Services Committee. Its Republican chairman, Jeb Hensarling, said his panel will continue to hold hearings on the security of financial information and on how to protect personal consumer information.
“Americans have a right to expect that the personal information they turn over to private companies and government agencies will be protected and kept secure from loss, unauthorized access or misuse,” Hensarling said in a statement.
Separately, an official with the House Energy and Commerce committee’s majority Republicans said that one of its subcommittees has held numerous hearings on data breaches and that it was monitoring the Target situation but has taken no specific action.
The National Association of Federal Credit Unions sent letters on Monday to congressional leaders, demanding action on data security.
Although congressional hearings would allow for an airing of grievances and could bring Target officials to Washington for questioning about how the case has been handled, they would not necessarily result in any action or in legislation.
Steinhafel told CNBC television on Monday: “We’re going to get to the bottom of this. We’re not going to rest until we understand what happened and how that happened.”
Target shares closed at $61.70, up 0.3 percent, on the New York Stock Exchange.