In the wake of the massive Target data breach that compromised more than 40 million credit and debit card accounts as well as the personally identifiable information of as many as 70 million consumers, Democratic members of the Financial Services Committee have called for an inquiry into the problem.
In a letter to Financial Services Committee Chairman Jeb Hensarling (R-TX), 17 Democrats asked for a full Committee hearing to explore the recent data breach, review current law designed to protect consumers and determine what can be done to ensure the future security of consumers' card information.
The call by Democrats comes in the midst of significant Republican scrutiny into the data collection and security procedures of a number of government entities. On numerous occasions, Republicans have expressed concern and even introduced legislation designed to address the prospect of security issues within the Affordable Care Act website and the Consumer Financial Protection Bureau. In stark contrast to those concerns, Committee Republicans have given no indication they plan to take action on this massive security breach at hand.
The letter, led by Ranking Member Maxine Waters (D-CA), cited the Committee's oversight plan for the 113th Congress, which espoused the need to continue evaluating the best way to protect security and confidentiality of consumer financial information.
"It is incumbent upon our Committee to explore whether industry data protection standards are appropriate, and examine whether heightened regulatory standards are needed to more effectively protect consumers," the Democrats wrote. "A hearing would provide members the opportunity to hear from regulators and the industry to learn what steps merchants, financial institutions, payment processers, card networks and others should take to reduce vulnerabilities in the payment system, and strengthen measures that protect consumers from fraud."
Industry analysts have said that the Target data beach is among the largest recorded financial data security breaches in history.
Full text of the letter is below. The original is can be found here.
January 10, 2014
The Honorable Jeb Hensarling
Committee on Financial Services
U.S. House of Representatives
Washington, D.C. 20515
Dear Chairman Hensarling:
The Target Corporation recently acknowledged that from November 27 to December 15, 2013, hackers stole credit and debit card information including card numbers, expirations dates and security codes for 40 million accounts, and other personally identifiable information for as many as 70 million customers. Accordingly, we respectfully request that you convene a full Financial Services Committee hearing to review the recent data breach including the adequacy of current consumer financial data security protection laws, and what Congress and industry stakeholders can proactively do to ensure the future security of consumers' card information.
We note that the Committee's oversight plan for the 113th Congress states that "building on the Committee's long-standing role in developing laws governing the handling of sensitive personal financial information about consumers including the Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act (FACT Act), the Committee will continue to evaluate best practices for protecting the security and confidentiality of such information from any loss, unauthorized access, or misuse."
The Target breach--which industry analysts say is among the largest recorded financial data security breaches--raises important questions about what merchants who suspect a data breach has occurred must disclose, when they must disclose it, and who has the right to be notified. Quick notification of a breach increases the likelihood that consumers can take measures to protect themselves from fraudulent activity and is similarly critical to successfully reducing the ultimate fraud losses that financial institutions incur.
It is incumbent upon our Committee to explore whether industry data protection standards are appropriate, and examine whether heightened regulatory standards are needed to more effectively protect consumers. A hearing would provide members the opportunity to hear from regulators and the industry to learn what steps merchants, financial institutions, payment processers, card networks and others should take to reduce vulnerabilities in the payment system, and strengthen measures that protect consumers from fraud.
Consumers deserve reasonable assurances that the use of their credit or debit card will not jeopardize their financial and other personally identifiable information. This is increasingly important as companies continue to amass vast amounts of consumers' sensitive personal information.
We appreciate your attention to this request.
Maxine Waters (CA), Ranking Member
Carolyn Maloney (NY)
Daniel T. Kildee (MI)
Wm. Lacy Clay (MO)
Terri A. Sewell (AL)
James A. Himes (CT)
Gary C. Peters (MI)
Gwen Moore (WI)
Denny Heck (WA)
Michael E. Capuano (MA)
Kyrsten Sinema (AZ)
Emanuel Cleaver (MO)
Ed Perlmutter (CO)
David Scott (GA)
Bill Foster (IL)
Stephen F. Lynch (MA)
Gregory W. Meeks (NY)