By Todd Shields and Renee Dudley
Feb. 4 (Bloomberg) – Target Corp. apologized to U.S.
lawmakers for a data breach that exposed tens of millions of
consumers’ data and said security will be improved by chip-
enabled cards the retailer will provide to customers.
“I want to reiterate how sorry we are that this has
happened,” John Mulligan, chief financial officer of the
second-largest U.S. discount retailer, told the Senate Judiciary
Officers of Target and closely held Neiman Marcus Group
Ltd., which also suffered a hacker attack that exposed personal
data of customers, testified in a second day of congressional
hearings as lawmakers called for a national data-breach
notification requirement and wider authority for the Federal
Trade Commission to enforce such rules.
In December, Minneapolis-based Target said credit- and
debit-card data for as many as 40 million people who shopped in
its stores between Nov. 27 and Dec. 15 may have been
compromised. Mulligan today said the breach lasted three days
longer, to Dec. 18.
He said Target is accelerating investment in chip cards,
which he called “critical to providing enhanced protection for
Michael Kingston, chief information officer for Neiman
Marcus, which had about 1.1 million payment cards that may have
been affected by a similar breach, told lawmakers that
government can help by letting law enforcement share threat
information with companies.
Target took immediate action to disable malware on
registers once it was discovered. Last month, Target said the
names, phone numbers and home and e-mail addresses of as many 70
million people also were compromised.
Senator Patrick Leahy, a Vermont Democrat and chairman of
the Judiciary Committee, today said he hoped for quick action on
U.S. legislation. He has introduced a bill containing
“Time is of the essence,” Leahy said. “American
consumers deserve to know when their private information has
Edith Ramirez, chairwoman of the trade commission, called
for a federal breach-notification requirement to replace state
“Never has the need for legislation been greater,”
Ramirez said. “With reports of data breaches on the rise, and
with a significant number of Americans suffering from identify
theft, Congress needs to act.”
At stake is about $40 billion of revenue earned by card
issuers including JPMorgan Chase & Co., as well as the profits
of Target and other retailers affected by the breaches. More
than $3 trillion in U.S. customer transactions take place each
year through the point-of-sale systems infiltrated by the
hackers, according to David Robertson, publisher of the Nilson
Report, an industry newsletter based in Carpinteria, California.
Federal law requires financial institutions to notify
customers of data breaches. Retailers must follow varying laws
in 46 states.
In addition to Target and Neiman Marcus, other retailers,
such as Michaels Stores Inc., the world’s largest arts-and-
crafts retailer, have said recently that some of their customer
payment-card data may have been used fraudulently.
For Related News and Information:
Target Says Card Data Breach May Have Come Through Vendor
Target Seen Losing Customer Loyalty After Credit Card Breach
Michaels Stores Sued After Reporting Possible Data Breach
News About Target and Computer Security:
TGT US TCNI ITSECURE
Top Consumer News: TOP CON
--Editors: Elizabeth Wasserman, Bernard Kohn
To contact the reporter on this story:
Todd Shields in Washington at +1-202-624-1909 or
To contact the editor responsible for this story:
Bernard Kohn at +1-202-654-7361 or