Senators request probe of Home Depot hack

Two Senate Democrats have asked the Federal Trade Commission (FTC) to investigate Home Depot’s massive data breach, which may have exposed details about millions of shoppers’ credit and debit cards.

A day after Home Depot confirmed that hackers targeted its U.S. and Canadian stores earlier this year, Sens. Richard Blumenthal (D-Conn.) and Edward MarkeyEdward (Ed) John MarkeyDems lambaste Trump’s ‘outrageous’ EPA chemical safety pick Dems plan to make gun control an issue in Nevada Dem senator pitches ideas for gun control after shooting MORE (D-Mass.) said they were concerned that the home repair giant’s digital security was not up to snuff.

ADVERTISEMENT
“Given the unprecedented scope and extended duration of Home Depot’s data breach, it appears that Home Depot may have failed to employ reasonable and appropriate security measures to protect sensitive personal information,” the two wrote in a letter to FTC Chairwoman Edith Ramirez. “If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information.”

If so, that would amount to “unfair and deceptive” practices, they added, which the FTC has the authority to police.

The agency previously has investigated companies that have suffered data breaches, though some critics have questioned whether it truly has the authority to conduct such probes. A court earlier this year seemed to settle that matter in a case over the FTC’s action against the Wyndham Worldwide hotel and resort chain. 

An agency representative said the FTC had received the letter but declined to comment further.

This year, Markey and Blumenthal introduced the Personal Data Protection and Breach Accountability Act, which would require companies to notify people if their data may have been stolen in a hack. The legislation would also require firms to create security plans to ward off cyberattacks.

Home Depot has said that it is still investigating the size of its breach, though outside analysts have predicted that it could be bigger than last year’s hack at Target, which compromised credit and debit card information for 40 million people.

Home Depot has said the hack did not affect people who shopped at its online store, and the company stressed that it does not believe customers’ PIN numbers were taken.