NEW YORK (AP) -- A senior executive at Target Corp. told a Senate hearing Wednesday that the retailer is taking a hard look at security across its network and is strengthening its anti-virus tools in the wake of a massive data breach before Christmas.
But Chief Financial Officer John Mulligan offered few details as to how the breach happened.
"This is about making it more difficult to move across our network," Mulligan told the Committee on Commerce, Science and Transportation, which is focusing on ways to protect consumer data.
The hearing also featured testimony from Ellen Richey, chief enterprise risk officer at Visa Inc., Edith Ramirez, chairwoman of the Federal Trade Commission, Peter J. Beshar, executive vice president and general counsel of Marsh & McLennan, and Dr. Wallace Loh, president of the University of Maryland, which also suffered a recent data breach.
The hearing came as the Senate committee released a report that said Target had multiple opportunities to thwart the attack.
Target disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers also stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers.
Target's breach could eclipse the biggest known data theft at a retailer: TJX Cos. in 2007 disclosed a breach of customer information that compromised more than 90 million records at its T.J. Maxx, Marshalls and HomeGoods stores.
Target has said it believes hackers broke into its network by infiltrating the computers of a vendor. Then the hackers installed malicious software in the checkout system for Target's estimated 1,800 U.S. stores.
Target acknowledged this month that security software picked up on suspicious activity after the cyber attack was launched, but the company decided not to take immediate action because, at the time, it determined it didn't warrant immediate follow-up.
In the wake of the breach, Target has been working to make changes.
The company announced early this month that Beth Jacob, the company's chief information officer since 2008, resigned. The departure comes as Target works to overhaul some of its divisions that handle security and technology.
Mulligan reiterated Wednesday that Target is accelerating its $100 million plan to roll out chip-based credit card technology, which experts say is more secure than traditional magnetic stripe cards.
During the questioning, Mulligan said that Target's branded cards accounted for 15 percent of all the cards compromised. Of the discounter's various types of proprietary cards, only the REDcard Visa credit card has seen a small increase in incremental fraud, about a 0.1 percent uptick.
Mulligan also told the panel on Wednesday that the two announced lists of the number of customers affected in the breach overlapped by at least 12 million people. The company had said earlier that some overlap existed but had not given details.
Richey told the panel that Visa generally sees fraud on 2 to 5 percent of payment cards that are affected in major breaches. But the percentage was much lower so far in the Target breach.
Experts have maintained that evidence of fraud could come years later.