Data breaches at retail giant Target Corp. between November 27 and December 15 compromised more than 40 million credit and debit card accounts, according to company officials. The intrusion demonstrated the growing sophistication of on-line hackers and spurred calls by privacy advocates and payment card companies for tougher legislation to protect consumers from breaches that compromise their financial and personally identifiable information.
Senator Patrick Leahy (D-VT), chairman of the Senate Judiciary Committee, said in a press release on December 20 that the breach underscores the need for Congress to take steps to protect Americans’ digital privacy. "This data security breach is just the latest in a series of breaches that have impacted the privacy of millions of American consumers in recent years," he said.
In a letter to Senate Banking Committee Chairman Tim Johnson (D-SD) calling for hearings on the matter, Sens. Chuck Schumer (D-NY), Robert Menendez (D-NJ), and Mark Warner (D-VA) wrote: “We believe it would be valuable for the Committee to examine whether market participants are taking all appropriate actions to safeguard consumer data and protect against fraud, identity theft, and other harmful consequences, and whether we need stronger industry-wide cybersecurity standards.”
Calls for legislative action were also echoed by organizations representing financial institutions whose customers were impacted by the data breach. Target officials acknowledged that PIN data of its customers' bank ATM cards were stolen as part of the massive breach.
The National Association of Federal Credit Unions (NAFCU), in a letter to Congress, called on lawmakers to hold hearings on the data protection standards of merchants and how to strengthen them. “Retailers and many other entities that handle sensitive personal financial data are not subject to” the same data security standards that financial institutions must meet, “and they become victims of data breaches and data theft all too often,” wrote NAFCU President and CEO Dan Berger. “While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers. “
In addition to a potential legislative response, members of Congress have also called on various government agencies to conduct investigations into Target Corporation’s data security policies and practices. “Given the scope and duration of Target’s recent data breach, it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information,” wrote Senator Richard Blumenthal (D-CT) in a December 22 letter to Federal Trade Commission Chairwoman Edith Ramirez.