WASHINGTON – Two members of the Senate Commerce Committee are seeking answers from Target Corp. about the recent data breach that put 70 million of the Minneapolis-based retailers’ customers at risk.
In a Jan. 10 letter, Senators Jay Rockefeller, D-W.Va., and Claire McCaskill, D-Mo., asked CEO Gregg Steinhafel to brief the Senate Commerce, Science and Transportation Committee to explain how information from so many customer accounts was stolen.
“It has been three weeks since the data breach was discovered, and new information continues to come out,” they wrote. “We expect your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the committee with detailed information.”
A Target spokeswoman said Wednesday that the company had received the senators’ letter and was “continuing to work with them and other elected officials to keep them informed and updated as our investigation continues.”
She did not say when Target officials might meet with Commerce Committee members.
Senate and House members from Minnesota, including Senate Commerce Committee member Amy Klobuchar, generally agreed that a congressional briefing by Target is appropriate. But no one called for a wider investigation of the company’s handling of the data breach.
“I have personally spoken with the Target CEO several times and have been briefed on the [company’s] investigation,” Klobuchar said in an e-mail statement. “I think it would be a good idea for all members to receive this information. We also need to make sure that the technology we have to protect consumers’ information is as sophisticated as the criminals who are trying to obtain it.”
Sen. Al Franken, D-Minn., has made privacy protections one of his main focuses. In an e-mail statement, Franken said he has spoken to Steinhafel and that Target has “been very forthcoming.”
“I understand how scary it is when this happens to your credit or debit card,” Franken added. “Data breaches like this … raise important questions about the responsibilities corporations have to protect consumer data and inform their customers when that data has been compromised.”
Consumers need “peace of mind” that their data is protected when they swipe credit cards, Rep. Tim Walz, D-Minn., said in an e-mail statement. “I agree with Senators Rockefeller and McCaskill that a briefing is needed to figure out what happened in this incident and what can be done to prevent it from happening in the future.”
Target has embarked on a national campaign of apologies and assurances that the company will not allow harm to come to customers whose information was stolen. But attorneys general from New York, Connecticut and Massachusetts said they are joining a nationwide probe into the security breach. Already, the Secret Service and the Justice Department are investigating along with Target and a third-party forensics team.
A spokesman for Minnesota Attorney General Lori Swanson would not confirm or deny the existence of an investigation Wednesday. But Massachusetts Attorney General Martha Coakley told reporters several days ago that her state is participating in multistate investigation.
‘As long as tenor is right’
Rep. Keith Ellison, the Democrat who represents Minneapolis, where Target is based, said the company has cooperated fully with his requests to talk about the data theft. He said a congressional briefing is fine “as long as the tenor is right.”
“It would make perfect sense to call Target and say, ‘Come to Washington to talk.’ And Target needs to think about cyber security. But it’s not like Target did anything wrong. They were the victims of a crime. Do we want to investigate someone for being the victim of a crime?”
The Target data breach is spurring calls for action.
Target waited four days after learning that its database had been hacked to announce the theft of customer information, and Rockefeller and McCaskill said the incident demonstrates a need to tighten rules on revealing data breaches.
Citing the Target situation, Franken sent a letter Wednesday to executives of major U.S. credit card companies requesting information about technology that places security chips in cards and requires personal identification numbers to access them.
He asked the executives to describe their efforts to move to chip technology, which he said is already used “in most other industrialized countries.”