WASHINGTON: A US House of Representatives committee with broad investigative jurisdiction has turned up the heat on Target Corp, demanding that the No. 3 US retailer turn over internal documents and messages describing how and when it learned of a recent massive consumer data breach.
In a letter made available to Reuters, the House Committee on Oversight and Government Reform requested that Target turn over all documents or communications generated between Nov. 1 and Dec.
13, in which Target employees or "agents" discuss "any suspicion" that a data breach had occurred.
The committee set a deadline of March 1 for Target to turn over the materials. If the company does not fully comply, the committee majority has the power to issue a subpoena forcing the company's compliance.
The lengthy breach of Target's computer networks over the holiday shopping period resulted in the theft of an estimated 40 million credit and debit card records and 70 million other records with customer information, such as addresses and telephone numbers.
In its letter, dated Feb. 24, the committee says it also wants any documents generated between Nov. 1 and Dec. 19 referring to discussions about notifying others about the data breach, and any documents generated since Dec. 12 in which any federal agency advised the company to avoid providing information to Congress.
Congressional sources said that this is the first time the majority on the Republican-led committee had sent such a request to Target.
The sources said the letter was prompted, at least in part, after committee officials felt dissatisfied with responses given by Isaac Reyes, an official with Target's government relations department, during a Jan. 30 conference call with the committee about the data breach.
The letter was signed by Oversight Committee Chairman Darrell Issa, a California Republican who has garnered headlines for his fierce criticism of the performance of Obama administration on a wide range of issues.
The committee has wide jurisdiction to investigate government and private business activity. In its letter, the panel hints that the retailer may not have been entirely forthcoming in accounts it has offered to the public and Congress about when it learned of the data breach.
Investigators now believe that the hackers managed to break into Target's payment network by first breaching a "data connection" between the US retailer and a heating and ventilating systems contractor based near Pittsburgh.
The committee's letter notes that in testimony before a Senate committee on Feb. 4, John Mulligan, Target's chief financial officer, testified that the company had no knowledge that malware related to the data breach had been installed on its systems before receiving a notification from the US Justice Department on Dec. 12.
However, the committee says that statement did not "clarify" when Target first learned that it could have been the victim of a breach, since cybersecurity blog KrebsonSecurity reported that Target may have had earlier warning of a problem.
In January, minority Democrats on the House Energy and Commerce committee also sent a letter to Target requesting documents.
A Target spokeswoman did not have an immediate response to the committee's request. Target shares were up 0.4 percent in early afternoon trading at $56.34.
Comments
Comments are closed.