Democratic House and Senate lawmakers are stepping up demands for greater scrutiny of data breaches at Target Corp. that may have affected as many as 70 million customer accounts.
Sen. Jay Rockefeller of West Virginia, chairman of the Commerce Committee, sent a letter to Target Chief Executive Officer Gregg Steinhafel requesting a briefing for committee staff on the “circumstances that permitted unauthorized access” to the credit- and debit-card data during the holiday season.
“We expect that your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the committee with detailed information,” the senator's letter said.
In the House, Rep. Elijah Cummings, D-Md. and the top Democrat on the Committee on Oversight and Government Reform, sent a letter to the committee's chairman, Darrell Issa, R-Calif., requesting a hearing on the matter.
The Democratic push is part of growing scrutiny of data breaches at U.S. retailers. Neiman Marcus Group is also being investigated by states including Connecticut and Illinois over the theft of customer credit-card data by hackers.
Dallas-based Neiman Marcus said Jan. 10 that some unauthorized purchases may have been made with credit cards.
A Senate Banking subcommittee plans to hold a hearing on the data breaches late this month, said Beth Adelson, a spokeswoman for Sen. Mark Warner, D-Va. and panel member.
Separately, 17 Democratic members of the House Financial Services Committee called last week for the chairman, Rep. Jeb Hensarling, R-Texas, to hold a similar inquiry.
Target, based in Minneapolis, has said that a theft of customer data may have affected anyone who provided basic information to the retailer over the past several years.
Last month Target, the second-largest U.S. discount chain, said credit- and debit-card data for as many as 40 million consumers who shopped in its stores between Nov. 27 and Dec. 15 may have been compromised. Target disclosed Jan. 10 that thieves also got access to the names, phone numbers and home and e-mail addresses of as many 70 million people.
In an open letter published Monday in several newspapers across the country, Steinhafel apologized for the privacy breaches and said the retailer is hiring a team of data security experts and ensuring that consumers won't be liable for any fraudulent charges arising from the incident.
“I know this breach has had a real impact on you, creating a great deal of confusion and frustration,” Steinhafel said in the letter. “I share those feelings,” he said. “We are determined to make things right.”
In his letter to Issa, Cummings said that while the Republican-led House oversight committee was investigating President Barack Obama's healthcare.gov website late last year, millions of Americans were “subjected to one of the most massive information technology breaches in history.”
“The committee could learn from these witnesses about their failures, successes and best practices in order to better secure our federal information technology systems,” Cummings said.
Issa said in an interview at the Capitol, “we're certainly willing to look at whether or not they employed best practices in production and security.” He said he was more focused on avoiding data breaches at agencies such as the Internal Revenue Service and the Department of Health and Human Services.
Issa's staff is talking with Cummings's staff about addressing the issue, said Frederick Hill, a spokesman for Issa.
The Target breach occurred when a computer virus infected Target's point-of-sale terminals where shoppers swipe a credit or debit card to make a purchase, a person familiar with the matter said last month on condition of anonymity. The breach affected many types of credit and debit cards used at the stores, not just Target-branded cards.
Sales at the U.S. unit were “meaningfully weaker” after the data theft was disclosed, the company has said. U.S. same- store sales will fall about 2.5 percent in the quarter through January, compared with an earlier projection they would be little changed. Adjusted earnings per share will be $1.20 to $1.30 for the division, down from a previous estimate of at least $1.50.
With assistance from Matt Townsend in New York, Cheyenne Hopkins and Richard Rubin in Washington, Chris Dolmetsch in New York State Supreme Court in Manhattan and Andrew Harris in federal court in Chicago.