A possible Target for congressional scrutiny

Updated
The sign outside the Target store is seen in Arvada, Colorado January 10, 2014.
The sign outside the Target store is seen in Arvada, Colorado January 10, 2014.
Photo by Rick Wilking/Reuters
The scope of the data breach at Target stores is still coming into focus, but all of the news has been alarming. Late last week, the giant retailer conceded that not only had consumers’ credit card information been stolen, but also that “the names, phone numbers, email addresses and physical addresses of up to 110 million shoppers were obtained by thieves.”
 
Congress, not surprisingly, has taken a keen interest in the fiasco – that is, at least one chamber has.
At least three Senate committees want a piece of the recent catastrophe that exposed millions of customers’ credit cards, email addresses and other personal information. Lawmakers, who have failed repeatedly to pass data security legislation, see an opportune moment to revisit the controversial topic.
 
And more important, it offers Congress a well-publicized chance to play the good guys.
Quite right. There’s nothing especially ideological or partisan about lawmakers looking out for consumers’ interest. When there a breach this severe, it stands to reason Congress would take a closer look, which is precisely why the Senate Commerce, Judiciary, and Banking committees are debating amongst themselves who’ll pounce first.
 
But what about the Republican-led House?
 
In theory, this seems like a natural issue for the House Oversight Committee. After all, its chairman, Rep. Darrell Issa (R-Calif.), has been obsessed of late with cyber-security, railing against possible security threats related to healthcare.gov.
 
Of course, in reality, there have been no security breaches at the health care website; literally zero Americans’ personal information has been compromised; administrative security testing for healthcare.gov is constant; and when rare vulnerabilities have popped up, the problems have been identified and resolved quickly and safely.
 
And if Issa is apoplectic about security issues related to a website in which there have been no breaches, surely he’s outraged by the Target story, right?
 
Well, we don’t know. Rep. Elijah Cummings (D-Md.), the ranking member on the Oversight Committee, wrote to Issa this week to find out. From his letter:
Since last October, the Committee’s top priority has been investigating the security of the Healthcare.gov website and the risks posed by domestic hackers, foreign entities, and others seeking to harm our national interests. This investigation has involved numerous public hearings, tens of thousands of documents obtained from federal agencies and private contractors, and multiple transcribed interviews. Thankfully, to date there have been no successful security attacks against the Healthcare.gov website, although the increasing frequency and sophistication of attacks against all federal information technology systems increases the risks of such a breach.
 
Unfortunately, while the Committee was conducting its investigation during this time period last fall, up to 110 million Americans were subjected to one of the most massive information technology breaches in history when their credit, debit, and other personal information reportedly was compromised at Target stores and online in November and December.
 
I am writing to request that the Committee hold a bipartisan hearing with senior Target officials and security experts to investigate the cause of this breach, its implications for American consumers, and the steps Target has taken to address this specific breach and implement mitigation measures to ensure that similar attacks are not successful in the future.
If Issa is sincere about his stated security concerns, surely he’ll be just as interested in a private-sector breach as a public-sector website in which there’s been no breach.
 

A possible Target for congressional scrutiny

Updated