Target execs tell Congress they are 'deeply sorry' about breach


An executive of Target Corp. apologized for the massive data breach that hit customers over the holidays and promised to take an aggressive approach to protect customers in the future.

The Associated Press reported the information was included in testimony Tuesday before the Senate Judiciary Committee from a sober-faced John Mulligan, executive vice president and chief financial officer at Target. Mulligan said Target is "deeply sorry" for the effect on customers.

"We will learn from this incident and, as a result, we hope to make Target, and our industry, more secure for customers in the future," Mulligan said.

Mulligan said the company had taken steps to strengthen security, including a review of its entire network, increased fraud detection for Target REDcare holders and accelerated investment in chip technology for REDcards. In a guest editorial in The Hill newspaper on Monday, Mulligan wrote that Target hoped to implement its $100 million chip-enabled smart-card program by early 2015. The enhanced cards contain tiny microprocessor chips to encrypt personal data.

On Dec. 18 Target disclosed that it was a victim of a credit card breaches on record. Mulligan said it affected customers who shopped at the company's U.S. stores from Nov. 27 through Dec. 18.

Gannett News had the timeline for the problem, reporting that Target learned of the data breach on Dec. 12 when the Justice Department notified the company of suspicious activity involving payment cards used at Target stores. Mulligan said company officials met with the Justice Department and Secret Service the next day. On Dec. 14, Target hired an independent team of experts to conduct a forensic investigation. On Dec. 15, Target confirmed that hackers had used malware to infiltrate its system and had potentially stolen payment card data, Mulligan testified. On the same day, Target removed the malware from its sales registers.

In response to the reports of hacking, Senate Judiciary Committee Chairman Patrick Leahy has reintroduced his Personal Data Privacy and Security Act. It would create a national notification standard for companies who have experienced a data breach and would impose criminal penalties for companies that fail to notify consumers about damaging data breaches.

The committee hearing is one of a series of congressional panels this week in response to retail data breaches. Executives with Neiman Marcus are also scheduled to appear at the hearing Tuesday. The luxury retailer also experienced a data breach that compromised about 1.1 million cards.

KSTP has video from the full hearing on its website.

Next Up