A U.S. senator has called on the Federal Trade Commission to investigate Target's security practices after the large retailer reported a data breach affecting 40 million customer credit and debit cards.
Senator Richard Blumenthal, a Connecticut Democrat, urged the agency to begin an immediate investigation. "If Target failed to adequately and appropriately protect its customers' data, then the breach we saw this week was not just a breach of security; it was a breach of trust," Blumenthal wrote in a Sunday letter to the FTC.
[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
The breach could expose Target customers to "significant and potentially permanent harm," Blumenthal wrote."Those Target customers who have their data misused by hackers or thieves could lose their good credit and in turn their ability to purchase the goods and services they need for their well being and the well being of their families," he added. Even customers whose stolen data will never ultimately be misused must live with the fear and uncertainty of knowing that it could be."
Blumenthal said he will push to give the agency more authority to penalize companies that have large data breaches. The FTC doesn't have the authority to impose fines for data breaches.
In addition, Senator Chuck Schumer, a New York Democrat, called on the U.S. Consumer Financial Protection Bureau to investigate the breach.
Target said last week credit and debit card information, including the name of the customer, the credit or debit card number, the card's expiration date and the three-digit security code, was stolen at its stores between Nov. 27 and Dec. 15.
Target CEO Gregg Steinhafel, in an email to customers Saturday, said they will not be responsible for fraudulent charges. Victims will get free credit monitoring from Target, he wrote.
The breach "was a crime against Target, our team members and most importantly you -- our valued guest," he added.
The FTC doesn't comment on active investigations, but the agency has investigated similar data breaches in the past.
In a March 2008 settlement with TJX, which owns T.J. Maxx, Marshalls, and other retailers, the agency required the company to establish a comprehensive information security program and submit to biennial data security audits over the next 20 years. The company's 2005 breach, which it reported in 2007, affected more than 45 million customer credit and debit cards.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.