Target CFO updates Congress on security changes following data breach


Target Chief Financial Officer John Mulligan testified before the U.S. Senate Committee on Commerce, Science and Transportation Wednesday in Washington, D.C., to give an update on what the company is doing in response to the massive data breach it suffered last year, the Business Journal reports.

Mulligan, in a prepared statement, said the Minneapolis-based retailer has accelerated the process of implementing chip-enabled credit card readers in all of its stores. The company says 10,000 readers are in 325 Target stores already, and it expects all of its 1,800 stores to have the technology in its stores by September – six months ahead of schedule.

The smart card program will cost Target about $100 million, Reuters reported last month. The news service cited an opinion piece written by Mulligan for the publication The Hill, where the CFO said the U.S. was slow in implementing the technology that is already widely used in other parts of the world.

Mulligan also wrote the implementation of the smart cards is "one step American businesses could now take that would dramatically improve the security of all credit and debit cards."

According to the Business Journal, the smart cards contain a tiny microprocessor chip that encrypts the transaction data shared with the sales terminals used by merchants. As a result, if a card number is stolen, thieves cannot counterfeit the card.

In addition to his testimony about the smart card technology, Mulligan admitted Wednesday that the company's anti-malware tools detected hackers' activities weeks before the data breach, which were in turn reviewed by the company's security team.

The admission comes nearly two weeks after Bloomberg Businessweek reported the early discovery of potentially malicious activity by the company’s $1.6 million malware detection tool, FireEye. Target later confirmed the report.

A reported 40 million payment card records were stolen from Target along with 70 million other records, including customer information, during the data breach in December.

Next Up