Target missed opportunities to stop hack, Senate report says

Retail giant Target missed multiple opportunities to prevent its high-profile data breach last year, according to a Senate Commerce Committee staff report released Tuesday.

The report points to “a number of opportunities” that Target had to prevent the data breach that impacted tens of millions of consumers and attracted the scrutiny of members of Congress, as well as state and federal regulators.

{mosads}According to the report, Target contracted with a vendor with weak security standards, missed multiple warnings from its anti-intrusion software that malware was being installed on its network and had weak controls within its network, allowing hackers to access sensitive areas.

The report comes before the committee’s hearing on data breaches on Wednesday, which will feature testimony from Federal Trade Commission Chairwoman Edith Ramirez; Target and Visa representatives; as well as the president of the University of Maryland, which recently suffered a high-profile data breach.

Earlier this year, Sen. Jay Rockefeller (D-W.Va.) — along with Sens. Dianne Feinstein (D-Calif.), Mark Pryor (D-Ark.) and Bill Nelson (D-Fla.) — introduced legislation that would allow the FTC to set data security standards for companies and would allow the agency and state attorneys general to bring civil penalties against companies that fail to meet those standards.

Additionally, the senators’ bill would require companies to promptly notify consumers, when there has been a data breach and provide adequate remedies. 

During a press call Tuesday, a committee aide said Rockefeller feels that companies “still don’t seem to be devoting the resources they need to actually protect the data” of their customers.

Rockefeller views Wednesday’s hearing as a chance to “dig into the details … and talk about the problems facing Target and a lot of other companies,” a committee aide said during Tuesday’s call, adding that the report will be a “centerpiece” of the hearing.