Clay Demands Answers on Target Data Breach, Democrats on House Financial Services Committee Seek Congressional Inquiry

MEDIA CONTACT:

STEVEN ENGELHARDT (314) 504-4029

FOR IMMEDIATE RELEASE: Monday, January 13, 2014

Clay Demands Answers on Target Data Breach

Democrats on House Financial Services Committee

Seek Congressional Inquiry

WASHINGTON, D.C.– In the wake of the massive Target data breach that compromised more than 40 million credit and debit card accounts as well as exposing the personally identifiable information of as many as 110 million Americans, Congressman Wm. Lacy Clay (D) Missouri, the Ranking Member on the House Financial Services Subcommittee on Domestic & International Monetary Policy, joined with 16 fellow Democrats to demand a congressional inquiry into the critical failure to protect the personal financial information of millions of Americans.“This critical failure to protect the financial and personal information of millions of Americans deserves prompt congressional action to determine what we can do to better protect consumers,” said the Congressman.

In a letter to Financial Services Committee Chairman Jeb Hensarling (R-TX), Mr. Clay and his Democratic colleagues asked for a full Committee hearing to explore the recent data breach, review current law designed to protect consumers and determine what can be done to ensure the future security of consumers’ card information.

The letter cited the Committee’s oversight plan for the 113th Congress, which espoused the need to continue evaluating the best way to protect security and confidentiality of consumer financial information.

“It is incumbent upon our Committee to explore whether industry data protection standards are appropriate, and examine whether heightened regulatory standards are needed to more effectively protect consumers,” the Democrats wrote. “A hearing would provide members the opportunity to hear from regulators and the industry to learn what steps merchants, financial institutions, payment processers, card networks and others should take to reduce vulnerabilities in the payment system, and strengthen measures that protect consumers from fraud.”

Industry analysts have said that the Target data beach is among the largest recorded financial data security breaches in history.

Full text of the letter is below.

=====

January 10, 2014

The Honorable Jeb Hensarling

Chairman

Committee on Financial Services

U.S. House of Representatives

Washington, D.C. 20515

Dear Chairman Hensarling:

The Target Corporation recently acknowledged that from November 27 to December 15, 2013, hackers stole credit and debit card information including card numbers, expirations dates and security codes for 40 million accounts, and other personally identifiable information for as many as 70 million customers.  Accordingly, we respectfully request that you convene a full Financial Services Committee hearing to review the recent data breach including the adequacy of current consumer financial data security protection laws, and what Congress and industry stakeholders can proactively do to ensure the future security of consumers’ card information.

We note that the Committee’s oversight plan for the 113th Congress states that “building on the Committee’s long-standing role in developing laws governing the handling of sensitive personal financial information about consumers including the Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act (FACT Act), the Committee will continue to evaluate best practices for protecting the security and confidentiality of such information from any loss, unauthorized access, or misuse.”

The Target breach—which industry analysts say is among the largest recorded financial data security breaches—raises important questions about what merchants who suspect a data breach has occurred must disclose, when they must disclose it, and who has the right to be notified.  Quick notification of a breach increases the likelihood that consumers can take measures to protect themselves from fraudulent activity and is similarly critical to successfully reducing the ultimate fraud losses that financial institutions incur.

It is incumbent upon our Committee to explore whether industry data protection standards are appropriate, and examine whether heightened regulatory standards are needed to more effectively protect consumers.  A hearing would provide members the opportunity to hear from regulators and the industry to learn what steps merchants, financial institutions, payment processers, card networks and others should take to reduce vulnerabilities in the payment system, and strengthen measures that protect consumers from fraud. 

               Consumers deserve reasonable assurances that the use of their credit or debit card will not jeopardize their financial and other personally identifiable information.  This is increasingly important as companies continue to amass vast amounts of consumers’ sensitive personal information.

We appreciate your attention to this request.

Sincerely,

Maxine Waters (CA), Ranking Member

Carolyn Maloney (NY)

Daniel T. Kildee (MI)

Wm. Lacy Clay (MO)

Terri A. Sewell (AL)

James A. Himes (CT)

Gary C. Peters (MI)

Gwen Moore (WI)

Denny Heck (WA)

Michael E. Capuano (MA)

Kyrsten Sinema (AZ)

Emanuel Cleaver (MO)

Ed Perlmutter (CO)

David Scott (GA)

Bill Foster (IL)

Stephen F. Lynch (MA)

Gregory W. Meeks (NY)