Senators are going after Target in the wake of a massive hacking that compromised the credit card numbers of some 40 million customers between Nov. 27 and Dec. 15.
The numbers were swiped from U.S. stores and not from Target.com purchases, the retail giant said. There was no indication that PIN numbers on debit bank cards were compromised.
“We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target,” Gregg Steinhafel, chairman, president and CEO of Target said in a statement. “Our brand has been built on a 50-year foundation of trust with our guests, and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.”
Sen. Chuck Schumer (D-N.Y.) said the chain hasn’t revealed enough information about how it was hacked and how much information was compromised, and called for an investigation by the Consumer Financial Protection Bureau.
“We need to figure out exactly what happened at Target, and then we need to figure out ways to prevent it,” Schumer said Sunday.
Sen. Richard Blumenthal (D-Conn.) sent a letter to Federal Trade Commission Chairwoman Edith Ramirez calling for an investigation into Target’s data security policies and practices.
“If Target failed to adequately and appropriately protect its customers’ data, then the breach we saw this week was not just a breach of security; it was a breach of trust. The Federal Trade Commission (the FTC or the Commission) has the authority and the responsibility to investigate and address this kind of event, and I urge you to look into this case immediately,” Blumenthal wrote.
“Given the scope and duration of Target’s recent data breach, it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information. A breach of this size indicates that somebody gained extensive and unfettered access to customer information held by Target. The fact that the intrusion lasted for more than two weeks indicates that Target’s procedures for detecting and shutting down an effort to steal customer data does not live up to a reasonable standard. If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information. Its conduct would be unfair and deceptive, and it would clearly violate the FTC Act,” the senator continued.
“While it is clear that the FTC has the authority to investigate breaches like the one that occurred at Target stores, it is equally clear that the Commission needs additional authority to impose sanctions sufficient to fully punish and deter the conduct that leads to such breaches. The breach at Target highlights how vast and damaging data breaches can be. The FTC should be able to respond to breaches like this with penalties commensurate to the potential harm. I look forward to working with my colleagues in the Congress and with the Commission to ensure that the Commission has all the sanction authority it needs to carry out its mission effectively.”
On Friday, three Target shoppers filed two separate lawsuits against the chain in filings that could pave the way for a class-action lawsuit.
Steinhafel said Target customers won’t be responsible for fraudulent card charges and “we’re working as fast as we can to get you the information you need.”