Senators blame Target execs for big data breach

March 27th, 2014


By Byron Acohido, Last Watchdog

Target’s top dogs were raked over the coals at a Congressional hearing on Wednesday.

Two Democratic senators criticized Target’s management for not stopping a huge data breach of its systems, citing several missed opportunities to thwart the attack and protect customer data.

Sen. John D. Rockefeller IV, D-W.Va., and Sen. Richard Blumenthal, D-Conn., pointed to Target’s failure to heed alerts issued by its expensive new FireEye malware detection systems and blamed its top executives.

“The best technology in the world is useless unless there’s good management,” Blumenthal said. “And here, to be quite blunt, there were multiple warnings from the company’s anti-intrusion software; they were missed by management.”

Rockefeller characterized Target’s failure to stop hackers from exfiltrating sensitive data for 110 million of its customers as a “clarion call to businesses, both large and small, that it’s time to invest in some changes.”

Target CFO John J. Mulligan apologized effusively. “We know this has shaken their confidence, and we intend to earn it back,” Mr. Mulligan said of Target’s customers. “Like you, we are asking hard questions about whether we could have taken different actions before the breach was discovered that would have resulted in different outcomes.”

Data thieves pilfered payment card information for 40 million people and personal information, like phone numbers and email addresses, for 70 million more. Target has said it believes there is an overlap of at least 12 million people between the groups.

Craig Spiezle, executive director of the Online Trust Alliance, told Last Watchdog he believes the private sector holds explicit responsibility to better protect consumer data. Spiezle is in the camp of advocates for new federal laws supporting that notion.

“While there is no guarantee of security, when a bank, retailer or other entity fails to follow established best practices and heed warnings, then they and their Board need to be held accountable,” Spiezle asserts. “This is critical to consumer protection and the resiliency of our nation’s economy and critical infrastructure. In the absence of meaningful self-regulation, business and consumers alike will benefit from strong Federal legislation.”

Mulligan and other witnesses testified that they supported heightened federal regulations. Sen. Patrick Leahy, D-Vt., is happy to oblige. In January, as news broke about the Target breach, Leahy re-introduced legislation to set a national standard for data breach notification and to require American businesses to take extra security steps when they collect and store consumer information. The bill also gives the Federal Trade Commission oversight authority to regulate data security standards.

Had any of the earlier versions of Leahy’s bill been enacted into law, Target would have had to follow the federal disclosure requirements. It remains to be seen if Leahy’s bill will become the law of the land this time around.