Target has made new disclosures about detailed personal information stolen in its holiday shopping season hack, which is raising alarms in Congress.
The retail giant announced on Friday that names, mailing address, phone numbers or email addresses had been stolen from as many as 70 million people in the data breach, which occurred from Nov. 27 to Dec. 15. Previously, the retailer had reported that information about roughly 40 million credit and debt cards had been compromised in the hack.
Lawmakers from both sides of the aisle were quick to call for congressional and regulatory action to protect customers in the wake of the new disclosure.
Sen. Richard Blumenthal (D-Conn.) has urged for the Federal Trade Commission (FTC) to launch an investigation into Target’s data security, and he repeated that call on Friday.
He added that he would work on legislation to require notifications after data breaches and upgraded security technology.
“I think this issue is undeniable in its urgency, given the spate of recent breaches and hackings and other improper disclosures of information. And there’s a need for more proactive and preventive action.”
Sen. Ed Markey (D-Mass.) called for congressional action after the first revelations about Target’s data loss and reiterated his concern in light of Friday’s revelations.
“When a number equal to nearly one-fourth of America’s population is affected by a data breach, it is a serious concern that must be addressed. These findings only underscore the need for retailers across industries to make their security safeguards iron-clad to ward off hackers prowling for Americans’ personal information,” he said in a statement.
Target said that it learned that the additional personal information was stolen as part of its continuing investigation into the data breach.
“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” President and Chief Executive Gregg Steinhafel said in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
In response to the disclosure, the company is offering a free year of credit monitoring and identity theft protection to all customers who shopped at U.S. stores. Patrons have three months to enroll in the program, Target said.
Sen. Deb Fischer (R-Neb.) wrote to the leaders of the Senate Commerce Committee, on which she sits, asking for the panel to explore the possibility of a new data security law.
In addition to the Target hack, she also cited a recent data breach at the mobile application Snapchat. Those incidents, she wrote, are a sign that “our nation’s entire data security framework is in desperate need of revamping.”
“That will require congressional action and attention from our committee,” she wrote. “I encourage you to schedule hearings as soon as possible so we can minimize the impact these data breaches are having on consumers and our economy.”
Earlier this week, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) cited the breach when he reintroduced his data privacy legislation. Leahy said that his committee will hold a hearing on the issue early this year.