Target Breach Kicks Off Round of Probes, Bills and Quarrels

A Target on Its Back A Target on Its Back When the Target Corp. data breach was reported in December, soon followed by retailers Neiman Marcus and Michaels, public officials pounced and the financial industry took a hard look in the mirror. Federal and state officials immediately launched investigations and held hearings. Meanwhile, the industry questioned how well its electronic systems were protected, and banks and retailers squabbled. Here's a look at how government and business leaders responded to the latest scourge of computer data breaches.

Image: Bloomberg News
NY's Top Lawyer Tees Off NY's Top Lawyer Tees Off Less than a month after the Target breach was first reported, New York's attorney general, Eric Schneiderman, issued harsh words for the retailer, saying his state's consumers "expect and deserve better" and that he would participate in a national investigation.

Image: Bloomberg News
Congress Weighs In Congress Weighs In A few days later, the bipartisan Data Security Act was re-introduced in Congress, co-sponsored by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo. It would require retailers and government agencies to protect customer data and alert consumers more quickly if their information was compromised.

Image: Bloomberg News
Banks, Merchants Point Fingers Banks, Merchants Point Fingers While elected officials staked out their positions, banks and retailers drew their own lines in the sand. First, the National Retail Federation published a Jan. 21 letter that blamed the banks for hacking outbreak. The next day, Independent Community Bankers of America CEO Camden Fine fired back, saying "retailers and their processors-not banks-are responsible."

Image: Bloomberg News
Advertisement
Time for the Stripe to Go? Time for the Stripe to Go? While banks and retailers tried to assign blame, other industry players started asking why the U.S. payments system did not adopt technologies thought to provide better protection against hackers, namely dumping the magnetic stripe on cards in favor of chip-and-PIN systems.

Image: Thinkstock
Banks to Retailers: Step it Up  Banks to Retailers: Step it Up The head of the trade group for the 100 largest banks and other financial companies, Tim Pawlenty, called for Congress to force retailers to adopt tougher new security requirements. His comments suggested that retailers haven't done enough and that "retailer breaches will increase financial institution costs to monitor fraud."

Image: Bloomberg News
Congressional Hearing Congressional Hearing At a Congressional hearing held in February, bankers and lawmakers discussed whether to adopt Europe's chip technology to combat data breaches. At the same hearing, an executive at the $13 billion-asset FirstBank in Lakewood, Colo., said Congress shouldn't get involved.

Image: Thinkstock
California Moves First California Moves First California lawmakers get in on the action, as they begin considering ways to give more protections to consumers' card usage. The movement could lead to legislative changes in other states, as California is often a first mover in consumer protections.

Image: Thinkstock
Advertisement
Schadenfreude in Europe Schadenfreude in Europe While American leaders wrung their hands over the data breaches, European officials sat back and chuckled. That's largely because Europe has already adopted EMV-chip cards, which are more secure than magnetic stripe cards.

Image: Thinkstock

When the Target Corp. data breach was reported in December, soon followed by retailers Neiman Marcus and Michaels, public officials pounced and the financial industry took a hard look in the mirror. Federal and state officials immediately launched investigations and held hearings. Meanwhile, the industry questioned how well its electronic systems were protected, and banks and retailers squabbled. Here's a look at how government and business leaders responded to the latest scourge of computer data breaches.

Comments (1)
Target Passed PCI DSS in Sept 2013, so this is not about compliance - it's really about incident response. People need to realize that cyber detection technology just gives you a flashing red light that there's "engine trouble", it doesn't actually fix anything.

That's where firms - retailers and financial institutions need to step up and automate their incident response game to prioritize, mitigate, and contain threats as fast as they detect them. It's not that hard really, there are several firms that do it such as NetCitadel and FireEye.

Posted by SecurityIR | Tuesday, March 18 2014 at 7:34PM ET
Post a Comment
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.

 

Already a subscriber? Log in here
Please note you must now log in with your email address and password.