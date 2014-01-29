By Lawrence Hurley and Mark Hosenball
WASHINGTON Jan 29 U.S. spy agency chiefs on
Wednesday called on Congress to draft stricter requirements for
how retailers and other private businesses should inform
government agencies and customers about big breaches of personal
and financial data.
The intervention by intelligence chiefs came as Attorney
General Eric Holder confirmed that the Justice Department was
investigating the massive hacking of consumer data from No. 3
U.S. retailer Target Corp during the holiday shopping
season late last year.
Also on Wednesday, several congressional committees signaled
growing interest in recent data breaches, with the powerful
House Oversight Committee scheduling a telephone briefing on
Thursday with Target representatives.
Separately, at Wednesday's threat hearing before the Senate
Intelligence Committee, Barbara Mikulski of Maryland, where the
National Security Agency is headquartered, asked intelligence
chiefs if media leaks by former NSA contractor Edward Snowden
had affected U.S. cybersecurity efforts.
"Is the impact of the Snowden affair slowing us down in our
work to be more aggressive in the cybersecurity area?" Mikulski
asked.
FBI Director James Comey said political uproar over
surveillance and Snowden's leaks had complicated discussions
about how to fight consumer data breaches.
"There is the threat of fraud and theft because we've
connected our lives to the Internet," Comey said. "We need to
make sure that the private sector knows the rules of the road
and how we share that information with the government."
Some U.S. officials with responsibility for cybersecurity
have complained privately that, while states have created a
"patchwork" of local rules requiring businesses to report
breaches of consumer data to authorities and the public, there
are no similar federal requirements.
Congress has been wrestling for years with proposals for
legislation on data security, but has been unable to reach
agreement. There is no national standard to govern how and when
businesses that suffer consumer data breaches must advise their
customers and agencies like the U.S. Secret Service and FBI.
HOLDER CONFIRMS PROBE
Holder, testifying at a Senate Judiciary Committee hearing,
said the Justice Department would seek the perpetrators of the
Target breach as well as "any individuals and groups who exploit
that data via credit card fraud."
"While we generally do not discuss specific matters under
investigation, I can confirm the department is investigating the
breach involving the U.S. retailer, Target," Holder said.
Target has said a breach of its networks resulted in the
theft of about 40 million credit and debit card records and 70
million other records with customer information such as
addresses and telephone numbers.
The Secret Service has taken the lead investigating the
recently revealed data breaches at Target and other retailers,
including Neiman Marcus and Michaels Companies Inc,
the largest U.S. arts and crafts retailer.
Reuters reported on Jan. 23 that the FBI also warned U.S.
retailers to prepare for more cyber attacks after discovering
about 20 hacking cases over the past year that involved the same
kind of malicious software used against Target during the
holiday shopping season.
Numerous congressional committees are accelerating efforts
to gather more information about the data breaches.
Democrat Jay Rockefeller, chairman of the Senate Judiciary
Committee, took a new tack this week, asking Target why the
company had not yet reported its data breach to the U.S.
Securities and Exchange Commission.
"Your failure thus far to provide this information to your
investors does not seem consistent with the spirit or the letter
of the SEC's financial disclosure rules," Rockefeller wrote in
the three-page letter to Target's chief executive.
Target closed at $56.89 per share on the New York Stock
Exchange on Wednesday, down 1.7 percent, after reaching its
lowest level since July 2012.
In the House of Representatives, Democratic members of the
Energy and Commerce Committee on Wednesday asked Neiman Marcus
for documents relating to the upscale retailer's recent
cybersecurity breach. Last week, the same lawmakers asked
Target executives for more documents related to its massive data
breach.
Earlier this month, Neiman Marcus said about 1.1 million
customer payment cards may have been affected in a breach last
year.
On Thursday, members of the House Oversight Committee, which
has broad investigative jurisdiction, are scheduled to hold a
telephone briefing with Target representatives, during which
detailed questions are expected to be asked about how and why
recent data breaches occurred.
Target spokeswoman Molly Snyder did not give details on
upcoming meetings but reiterated that Target was "continuing to
work with elected officials to keep them informed and updated as
our investigation continues."
Three Congressional panels are slated to hold hearings,
beginning next week. On Monday, the Senate Banking Committee is
scheduled to hear from witnesses representing the Secret
Service, Federal Trade Commission, and lobbying groups.
On Tuesday, the Senate Judiciary committee is expecting to
take testimony from Target's chief financial officer.
The House Energy and Commerce Committee is expected to hold
its own hearing next week. Neiman Marcus has been invited to
that hearing but the company has not yet confirmed its
attendance, said a spokeswoman for the panel's top Democrat,
Henry Waxman.
A Neiman Marcus representative did not respond to requests
for comment on Wednesday.