Target missed opportunities to stop hack, Senate report says


Retail giant Target missed multiple opportunities to prevent its high-profile data breach last year, according to a Senate Commerce Committee staff report released Tuesday.

The report points to “a number of opportunities” that Target had to prevent the data breach that impacted tens of millions of consumers and attracted the scrutiny of members of Congress, as well as state and federal regulators.

According to the report, Target contracted with a vendor with weak security standards, missed multiple warnings from its anti-intrusion software that malware was being installed on its network and had weak controls within its network, allowing hackers to access sensitive areas.

The report comes before the committee’s hearing on data breaches on Wednesday, which will feature testimony from Federal Trade Commission Chairwoman Edith Ramirez; Target and Visa representatives; as well as the president of the University of Maryland, which recently suffered a high-profile data breach.

Earlier this year, Sen. Jay RockefellerJay RockefellerOvernight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term Obama to preserve torture report in presidential papers MORE (D-W.Va.) — along with Sens. Dianne FeinsteinDianne FeinsteinLewandowski clashes with ABC host over whether Trump can fire Mueller Overnight Cybersecurity: Senate Judiciary reportedly drops Manafort subpoena | Kushner meets with House Intel | House passes Russia sanctions deal | What to watch at 'hacker summer camp' Manafort agrees to speak with investigators after subpoena MORE (D-Calif.), Mark PryorMark PryorMedicaid rollback looms for GOP senators in 2020 Cotton pitches anti-Democrat message to SC delegation Ex-Sen. Kay Hagan joins lobby firm MORE (D-Ark.) and Bill NelsonBill NelsonGore wishes Mikulski a happy birthday at 'Inconvenient Sequel' premiere Honda recalls 1.2 million cars over battery fires Vulnerable senators raise big money ahead of 2018 MORE (D-Fla.) — introduced legislation that would allow the FTC to set data security standards for companies and would allow the agency and state attorneys general to bring civil penalties against companies that fail to meet those standards.

Additionally, the senators’ bill would require companies to promptly notify consumers, when there has been a data breach and provide adequate remedies. 

During a press call Tuesday, a committee aide said Rockefeller feels that companies “still don’t seem to be devoting the resources they need to actually protect the data” of their customers.

Rockefeller views Wednesday’s hearing as a chance to “dig into the details … and talk about the problems facing Target and a lot of other companies,” a committee aide said during Tuesday’s call, adding that the report will be a “centerpiece” of the hearing.