Target missed opportunities to stop hack, Senate report says


Retail giant Target missed multiple opportunities to prevent its high-profile data breach last year, according to a Senate Commerce Committee staff report released Tuesday.

The report points to “a number of opportunities” that Target had to prevent the data breach that impacted tens of millions of consumers and attracted the scrutiny of members of Congress, as well as state and federal regulators.


According to the report, Target contracted with a vendor with weak security standards, missed multiple warnings from its anti-intrusion software that malware was being installed on its network and had weak controls within its network, allowing hackers to access sensitive areas.

The report comes before the committee’s hearing on data breaches on Wednesday, which will feature testimony from Federal Trade Commission Chairwoman Edith Ramirez; Target and Visa representatives; as well as the president of the University of Maryland, which recently suffered a high-profile data breach.

Earlier this year, Sen. Jay RockefellerJohn (Jay) Davison RockefellerDemocrats look to scale back Biden bill to get it passed Humorless politics a sad sign of our times Bottom Line MORE (D-W.Va.) — along with Sens. Dianne FeinsteinDianne Emiel FeinsteinOvernight Energy & Environment — Starting from 'scratch' on climate, spending bill Senate panel advances bill blocking tech giants from favoring own products Eight senators ask Biden to reverse course on Trump-era solar tariffs MORE (D-Calif.), Mark PryorMark Lunsford Pryor11 former Democratic senators call for 'meaningful reform to Senate rules' Kyrsten Sinema is less of a political enigma than she is a strategic policymaker  Bottom line MORE (D-Ark.) and Bill NelsonClarence (Bill) William NelsonJames Webb telescope reaches final destination a million miles from Earth Overnight Energy & Environment — Earth records its hottest years ever Global temperatures in past seven years hottest ever observed, new data show MORE (D-Fla.) — introduced legislation that would allow the FTC to set data security standards for companies and would allow the agency and state attorneys general to bring civil penalties against companies that fail to meet those standards.

Additionally, the senators’ bill would require companies to promptly notify consumers, when there has been a data breach and provide adequate remedies. 

During a press call Tuesday, a committee aide said Rockefeller feels that companies “still don’t seem to be devoting the resources they need to actually protect the data” of their customers.

Rockefeller views Wednesday’s hearing as a chance to “dig into the details … and talk about the problems facing Target and a lot of other companies,” a committee aide said during Tuesday’s call, adding that the report will be a “centerpiece” of the hearing.