Published December 20, 2015
Big banks and retailers played the blame game Tuesday as the heads of both industries tried to shift the responsibility over a series of big breaches in consumer data that left millions of Americans exposed to online theft.
But before the finger-pointing began, Target Executive Vice President John Mulligan started his testimony before the Senate Judiciary Committee with an apology.
"We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back," Mulligan said, during the first part of the hearing.
More than 110 million Target customers had their personal information exposed during the data breach. The Justice Department notified Target Dec. 12 of suspicious activity involving payment cards used at Target stores.
Mulligan said Target hired its own independent team of experts to conduct a forensic investigation and that on Dec. 14 learned that hackers had infiltrated the system “had installed malware on our point-of-sale network and had potentially stolen guest payment card data.” Three days later, the company disabled malware on 25 additional registers.
An estimated 40 million Target credit and debit card accounts were breached late last year, compromising customers' credit and debit card numbers, expiration dates, PIN numbers and codes on the cards' magnetic strips. Also stolen was non-card personal information — names, phone numbers and email and mailing addresses — for up to 70 million Target customers who could have shopped before or after the Nov. 27-Dec. 15 period.
The computer network at Neiman Marcus was also hit by hackers dating back as far as July. The company notified its customers in January and defended that decision saying it waited to confirm the evidence.
“The malware was evidently able to capture payment card data in real time, right after a card was swiped, and had sophisticated features that made it particularly difficult to detect, including some that were specifically customized to evade our multilayered security architecture that provided strong protection of our customers’ data and our systems,” Michael Kingston, senior vice president of The Neiman Marcus Group said.
Following testimony from retailers, the Senate Judiciary Committee was expected to hear from FTC Commissioner Edith Ramierz and William Noonan, a top agent with the Secret Service’s cyber operations branch.
Noonan will ask lawmakers to do more to prevent cyber theft.