The request to the Financial Services Committee of the U.S. House
of Representatives piggybacks on a similar move by Senate Democrats
on Friday. Target has said a breach of its networks resulted in the
theft of about 40 million credit and debit card records and 70
million other records with customer information.
In a letter to Jeb Hensarling, the committee's Republican chairman,
17 committee Democrats, led by ranking member Maxine Waters, asked
for a "full Financial Services Committee hearing."
The letter said a hearing should review current consumer protection
laws and determine what could be done to ensure the future security
of consumers' card information.
"It is incumbent upon our Committee to explore whether industry data
protection standards are appropriate, and examine whether heightened
regulatory standards are needed to more effectively protect
consumers," the Democrats wrote.
Hensarling said in a statement on Monday night that "Americans have
a right to expect that the personal information they turn over to
private companies and government agencies will be protected and kept
secure from loss, unauthorized access or misuse."
"The House Financial Services Committee has held, and will continue
to hold, hearings on the security of information collected by these
agencies and financial institutions and will continue to press for
accountability of all those who collect personal consumer data,"
After the request from Senate Democrats last week, Senate Banking
Committee leaders have confirmed they plan a hearing on data
security issues in late January.
Although the hearings would allow for an airing of grievances and
potentially bring Target officials to Washington for questioning
about how the case has been handled, they would not necessarily
result in taking any kind of action or in legislation.
A bill by Senate Judiciary Committee Chairman Patrick Leahy remains
the only data security bill on tap for now.
The National Association of Federal Credit Unions sent letters on
Monday to congressional leaders, demanding action on data security.
"GOING TO GET TO BOTTOM OF THIS"
Target disclosed on December 19 that it was a victim of one of the
biggest credit card breaches on record, which it said lasted for 19
days in the busy holiday shopping season through December 15.
Sources familiar with the investigation previously said that Target
learned about the attack only after receiving warnings from
financial industry sources who reported seeing a surge in fraudulent
credit card activity from accounts of customers who had shopped at
[to top of second column]
Another retailer, Neiman Marcus, disclosed on Friday that it was
warned about a possible breach in mid-December and that an outside
forensics firm confirmed a breach on January 1, saying it found
evidence that some payment card data may have been compromised.
Connecticut, which is helping lead a coalition of more than 30
states investigating the Target data breach, said it was also
looking into the Neiman Marcus matter. "To the extent that we become
aware of breaches at other retailers, we will be looking into those
as well," a spokeswoman for the state attorney general's office
New York and Illinois are also probing the Neiman Marcus breach,
state officials said.
Target Chief Executive Gregg Steinhafel told CNBC TV on Monday in
his first interview since the breach that "we're going to get to the
bottom of this. We're not going to rest until we understand what
happened and how that happened.
In the CNBC interview, Steinhafel said the company "confirmed" it
had been victim of a breach on December 15, but he provided no
account of what happened in preceding weeks.
The company is trying to woo back customers after sales dropped off
at the end of the holiday season. Its campaign included full-page
newspaper advertisements on Monday apologizing for the attack.
The Federal Trade Commission (FTC), the Securities and Exchange
Commission and state attorneys general would potentially look into
Target's actions. The FTC does not confirm or deny the existence of
ongoing investigations and would only get involved if Target is
shown to have failed to protect customer data.
Target has said it is working in partnership with the Secret
Service, the lead agency involved in the data breach case, and the
Department of Justice, but did not comment on any FTC involvement.
(Additional reporting by Rick Cowan in Washington, Dhanya Skariachan
and Phil Wahba in New York, Ross Kerber and Jim Finkle in Boston,
and Karen Freifeld in New York; editing by Leslie Adler, Grant
McCool, Peter Cooney and Eric Walsh)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.