Accessibility links

Breaking News

Official: Many US Companies Lax with Data Security


Attorney General for the State of Illinois Lisa Madigan testifies before the House Energy and Commerce Subcommittee on protecting consumer information in Washington February 5, 2014.
Attorney General for the State of Illinois Lisa Madigan testifies before the House Energy and Commerce Subcommittee on protecting consumer information in Washington February 5, 2014.
U.S. companies that have fallen prey to hackers, exposing the private information of millions of customers, have often failed to take basic security precautions to protect client data, Illinois Attorney General Lisa Madigan told a U.S. House panel on Wednesday.

Madigan said previous investigations, conducted before the recent spate of high-profile breaches, had turned up repeated instances where companies allowed their systems to retain unencrypted data, failed to install software patches for known vulnerabilities and retained information longer than necessary.

Madigan said her office and that of Connecticut Attorney General George Jepsen are now leading a multistate investigation into recent data breaches that affected millions of customers of U.S. retailers Target Corp, Neiman Marcus Group LLC , and Michaels Stores Inc.

On Tuesday, top executives of Target and Neiman Marcus told the Senate Judiciary Committee that hackers had found ways to penetrate their best security practices. Both companies bemoaned the sophistication of hackers behind recent data breaches that exposed the private data of millions of their customers.

“During prior breach investigations, we have found instances when companies failed to take basic steps to protect consumer data,” Madigan told the House Energy and Commerce committee. “So the notion that companies are already doing everything they can to prevent breaches is false.”

The companies offered reasons for not deploying more secure technology that ranged from high costs to length of check-out times to disputes between banks and retailers, Madigan said.

“Frankly, it is negligent of the U.S. to fall behind the rest of the world when it comes to security of our payment systems,” she said.

In testimony on Tuesday, Target Chief Financial Officer John Mulligan apologized for a cyber breach over the holiday shopping period in which about 40 million credit and debit card records were stolen, along with 70 million other records with personal customer information such as telephone numbers.

He told the committee the company had not been aware its systems had been hacked before being notified of the breach by the U.S. Justice Department.

The companies, joined by lawmakers and consumer advocates, suggested an accelerated move to a new type of payment cards known as “chip-and-PIN.” Those cards store customer information on computer chips and require users to type in personal identification numbers to make further breaches less likely.

Some U.S. lawmakers are once again taking up an effort to pass legislation to regulate data breach responses after similar pushes gained little traction in the past.
  • 16x9 Image

    Reuters

    Reuters is a news agency founded in 1851 and owned by the Thomson Reuters Corporation based in Toronto, Canada. One of the world's largest wire services, it provides financial news as well as international coverage in over 16 languages to more than 1000 newspapers and 750 broadcasters around the globe.

XS
SM
MD
LG