Rockefeller: Staff Report Details Target's Missed Opportunities to Stop Massive Data Breach

Report comes ahead of Senate Commerce Committee hearing on protecting consumers from data breaches

March 25, 2014

JDR Head ShotWASHINGTON, D.C.—Chairman John D. (Jay) Rockefeller IV today released a staff report titled, “A ‘Kill Chain’ Analysis of the 2013 Target Data Breach.” The report details how Target possibly failed to take advantage of several opportunities to prevent the massive data breach in 2013 when cyber criminals stole the financial and personal information of as many as 110 million consumers.  

Rockefeller will formally introduce the report tomorrow when he chairs his third full Committee hearing on data security. The hearing, titled, “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches”, will explore the dangers to consumers posed by recent data breaches. The Chairman will also highlight legislation he recently introduced, the Data Security and Breach Notification Act, that would – for the first time – establish strong, federal consumer data security and breach notification standards. The hearing will begin at 2:30pm in Russell 253. The hearing will also be webcast live via the Senate Commerce Committee website

“For nearly a decade, we’ve had major data breaches at companies both large and small. Millions of consumers have suffered the consequences,” Rockefeller said. “While Congress deserves its share of the blame for inaction, I am increasingly frustrated by industry’s disingenuous attempts at negotiations. It’s time for industry to work with us on legislation that reinforces the basic protections American consumers have a right to count on.”

For many years, Rockefeller has identified data breaches as a significant consumer protection and cybersecurity problem, and advocated for legislation to require companies to better safeguard their data and notify consumers when breaches occur. The Commerce Committee focuses on the intersection of data security and cybersecurity, with jurisdiction over consumer protection and the Federal Trade Commission (FTC), and cybersecurity and the National Institute of Standards and Technology (NIST).