Federal officials should launch an investigation into a data breach affecting millions of Target shoppers’ personal information, according to Sen. Richard Blumenthal (D-Conn.).
In a letter to the Federal Trade Commission (FTC) over the weekend, Blumenthal said that the agency should probe whether the retail giant took the proper steps to protect consumers’ information ahead of time.
Last week, Target revealed that about 40 million credit and debt card accounts had been affected by the hack, which occurred from Nov. 27 to Dec. 15.
Under current law, the FTC has the power to investigate companies’ privacy and information security policies and ensure that they meet proper standards, it has asserted.
It has previously brought cases against companies that it determined didn’t do enough to protect consumer data, and Blumenthal suggested it should consider doing so again.
“Given the scope and duration of Target’s recent data breach, it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information,” Blumenthal wrote. “If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information. Its conduct would be unfair and deceptive, and it would clearly violate the FTC Act.”
Last week, the FTC’s consumer information website published a guide for shoppers who may have been affected by the hack.
For the FTC to impose tough penalties, though, Congress would need to act, Blumenthal noted. He suggested that he would consider additional legislation to empower the agency to punish firms that poorly protect their customers’ information.
“I look forward to working with my colleagues in the Congress and with the Commission to ensure that the Commission has all the sanction authority it needs to carry out its mission effectively,” he said.