Target missed opportunities to stop hack, Senate report says


Retail giant Target missed multiple opportunities to prevent its high-profile data breach last year, according to a Senate Commerce Committee staff report released Tuesday.

The report points to “a number of opportunities” that Target had to prevent the data breach that impacted tens of millions of consumers and attracted the scrutiny of members of Congress, as well as state and federal regulators.


According to the report, Target contracted with a vendor with weak security standards, missed multiple warnings from its anti-intrusion software that malware was being installed on its network and had weak controls within its network, allowing hackers to access sensitive areas.

The report comes before the committee’s hearing on data breaches on Wednesday, which will feature testimony from Federal Trade Commission Chairwoman Edith Ramirez; Target and Visa representatives; as well as the president of the University of Maryland, which recently suffered a high-profile data breach.

Earlier this year, Sen. Jay RockefellerJohn (Jay) Davison RockefellerHumorless politics a sad sign of our times Bottom Line World Health Day: It's time to fight preventable disease MORE (D-W.Va.) — along with Sens. Dianne FeinsteinDianne Emiel FeinsteinProgressive groups urge Feinstein to back filibuster carve out for voting rights or resign Senators call for Smithsonian Latino, women's museums to be built on National Mall Five faces from the media who became political candidates MORE (D-Calif.), Mark PryorMark Lunsford PryorBottom line Everybody wants Joe Manchin Cotton glides to reelection in Arkansas MORE (D-Ark.) and Bill NelsonClarence (Bill) William NelsonThis Thanksgiving, skip the political food fights and talk UFOs instead Two trajectories to Mars by the 2030s Russian weapons test endangers the International Space Station MORE (D-Fla.) — introduced legislation that would allow the FTC to set data security standards for companies and would allow the agency and state attorneys general to bring civil penalties against companies that fail to meet those standards.

Additionally, the senators’ bill would require companies to promptly notify consumers, when there has been a data breach and provide adequate remedies. 

During a press call Tuesday, a committee aide said Rockefeller feels that companies “still don’t seem to be devoting the resources they need to actually protect the data” of their customers.

Rockefeller views Wednesday’s hearing as a chance to “dig into the details … and talk about the problems facing Target and a lot of other companies,” a committee aide said during Tuesday’s call, adding that the report will be a “centerpiece” of the hearing.