WASHINGTON (WCCO/AP) — An executive of Target Corp. says the retailer has taken actions to shore up security following the massive breach of millions of consumers’ data during the holiday season. He urged banks, retailers and the government to work together to protect consumers.
On Tuesday morning, John Mulligan, executive vice president and chief financial officer at the No. 2 U.S. discounter, testified at a hearing before the Senate Judiciary Committee.
Mulligan said Target is “deeply sorry” for the effect of the data theft on consumers, and he acknowledged that their confidence in the Minneapolis-based company has been shaken. It was the first public appearance by a Target executive addressing the issue since the breach that occurred between Nov. 27 and Dec. 15.
“The intruder came in through a set of compromised vendor credentials and took two sets of data. The first set of data was malware was placed on our point of sale registers. There, they grabbed payment card information in the time between it being swiped the magnetic stripe until we encrypt it in our systems,” Mulligan said.
But Mulligan said even after the malware was removed, the breach continued for three days.
Mulligan added that Target had no idea that information from more than 100 million customers had been breached until the Secret Service alerted them on Dec. 12, 2013. That’s three days earlier than initially disclosed.
A Target representative said there is no inconsistency in their timeline. CEO Greg Steinhafel said he learned of the breach on Dec. 15 when Target confirmed that the breach had actually occurred.
Another retailer testifying was Neiman Marcus.
A Neiman Marcus executive said the company had a breach that affected 1.1 million customers from July through October and that the company only found out about the breach a few weeks ago.
Sen. Al Franken and Sen. Amy Klobuchar were among those voicing support for chip technology in credit cards, as well as the use of a pin number for transactions.
Klobuchar said legislation could force credit card companies to adopt the more expensive technology.
“We’re first of all looking at whether legislation would be helpful in pushing the industry to chip and pin, which has reduced this kind of data breach in Europe,” she said.
Target later issued a statement saying the company is moving toward adopting smart card technology in their own cards by the first quarter of 2015 – six months ahead of schedule.
(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved.This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)