Lawmakers Look To Prevent More Target-Sized Data Breaches

Play associated audio

The sheer size and frequency of the recent credit card data breaches at Target, Neiman Marcus and other companies are prompting lawmakers to consider legislative options to keep sophisticated cyberthefts from happening.

"If anything, we've learned from this major, major breach that we can no longer do nothing," said Sen. Amy Klobuchar, D-Minn. "We have to take action."

The bad guys who stole data from as many as 110 million Target customers are so good at what they do that even the most modern security programs couldn't detect them. If security software can't keep up, hopes for regulation to stop fraud are slim.

"This is kind of an ongoing war, and the types of threats are changing all the time," said Fran Rosch, a vice president at the security software company Symantec. He appeared Tuesday before the Senate Judiciary panel, which explored legislative options in data security.

"Information's everywhere," Rosch said. "It's in our data centers, it's in the cloud. It's in software that sits in the cloud and on our mobile devices. So the threats are exploding, but so are the attack surfaces."

Lawmakers are considering a few policy changes to better protect consumers, such as pushing for more secure credit and debit cards. American credit cards have already failed to keep up with European and Asian card technology, which feature encrypted chips. The chips prevent cyberthieves from reusing any data after they steal it.

"What's stopping our country when they're doing this in Europe?" Klobuchar asked.

Part of the problem is the complexity of the American financial system, which has so many competing card issuers, banks, retailers and business owners. Adopting systemic change to the way purchases are made would cost retailers and banks hundreds of millions of dollars.

But the recent breaches were so costly that both banks and retailers are backing a changeover to chip technology together.

"All of us have to move together simultaneously; it's a shared responsibility," said Target Chief Financial Officer John Mulligan. "The financial industry, obviously they're, in general, the issuers of the cards. So again, in partnership with them, we need to move together collectively so the whole system is employing chip and PIN technology."

Visa and Mastercard are aiming to have chips in the majority of U.S. cards by October 2015, but it could be even longer before retail outlets change their card readers. Lawmakers are asking what they could do to speed up the change.

Another plan would be to tighten data theft disclosure and security standards, an option pushed by Sen. Al Franken, D-Minn.

"Right now there's no federal law setting out clear security standards that merchants and data brokers need to meet, and there's no federal law requiring companies to tell their customers when their data has been stolen," Franken said.

Franken and Sen. Patrick Leahy, D-Vt., are co-sponsoring the Personal Data Privacy and Security Act, which includes those disclosure and security standards. Both retailers and security companies who appeared before senators Tuesday signaled support.

But the fast-changing tech terrain makes some lawmakers wary of any attempt at national standards.

"I'm always a little bit concerned about creating a new federal regulatory authority," said Sen. Mike Lee, R-Utah, "in part because sometimes when you establish something like that it can quickly become ineffective, especially if it's in an area like this one."

Outside a Washington, D.C., Target store Tuesday, Joshua Sands said he's still a loyal Target shopper — but he's taking personal responsibility for his security.

"It's like being on the Internet, when they tell you you should always have an anti-virus on your computer," he said. "You always assume somebody's trying to get in. You have to be vigilant for yourself. You can't leave it up to someone else to handle your security."

Until more systemic changes are put in place, security experts say the attacks on our payment systems are expected to continue.

Copyright 2014 NPR. To see more, visit


He Died At 32, But A Young Artist Lives On In LA's Underground Museum

When Noah Davis founded the museum, he wanted to bring world-class art to a neighborhood he likened to a food desert, meaning no grocery stores or museums. Davis died a year ago Monday.

The Strange, Twisted Story Behind Seattle's Blackberries

Those tangled brambles are everywhere in the city, the legacy of an eccentric named Luther Burbank whose breeding experiments with crops can still be found on many American dinner plates.
WAMU 88.5

State Taxes, School Budgets And The Quality Of Public Education

Budget cutbacks have made it impossible for many states to finance their public schools. But some have bucked the trend by increasing taxes and earmarking those funds for education. Taxes, spending and the quality of public education.


Surfers And Scientists Team Up To Create The 'Perfect Wave'

Surfers once deemed man-made waves weak and mushy compared to the best that break along the coast. Then engineers and an 11-time world champion surfer showed just how good an artificial wave can be.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.