US Sen. Menendez wants Federal Trade Commission to hold companies accountable for hacks

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.dailyjournal.net/view/story/3c03c92333674850a58d5264aac0a2c7/NJ--Target-Security-Breach-Menendez/#.Ur3WKqKzKpg

JERSEY CITY, New Jersey — Sen. Robert Menendez wants the federal government
to hold companies accountable when their customers' financial information
is stolen.

The New Jersey Democrat is taking on the topic after last week's revelation
that information about 40 million Target customer accounts had been stolen.

At a news conference Thursday outside a Target store in Jersey City,
Menendez said he wants to make sure retailers are "putting their customers
ahead of profits." He announced that he had requested details from the
Federal Trade Commission on whether it can fine firms for security breaches
and whether laws should be changed to protect consumer data.

"We need to know if the FTC has the teeth to hold retailers who failed to
protect consumers' information accountable," Menendez said.

Menendez said he "has a feeling" that the agency won't be able to levy
fines or penalties against companies. When a data breach occurred at
Marshall's and T.J. Maxx in 2006, the FTC wasn't able to fine the stores'
parent company as part of a settlement agreement.

"Our country's consumers depend upon safe and secure transactions, and
especially at this crucial time of year, our country's retailers must
commit to fulfilling that expectation," Sen. Menendez wrote to FTC
Chairwoman Edith Ramirez.

Menendez said he wants the FTC to recommend if further legislative action
is needed to help protect consumers against having their financial
information stolen.

Menendez said if a company doesn't invest in security to ensure customer
data can't be stolen, "then you have to question why a company would not do
that."

He said he may hold hearings on the Target breach.

Target Corp. spokeswoman Katie Boylan said in an email the company is
"focused on partnering with the authorities who are investigating this
crime against Target and our guests, and helping our guests understand what
they need to know and what steps they can take."

The security breach lasted from Nov. 27 to Dec. 15 and affected customers
in Target's U.S. stores.

The retailer said it hosted a conference call for state attorneys general
Monday and will have a follow-up call Jan. 6.

Target announced Monday the Department of Justice is investigating what is
being called the second-largest data breach in U.S. history. It also said
it is working with the Secret Service to determine how the hack happened.

Customers have already filed lawsuits against the company.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.