Sen. Rockefeller Questions Company’s Efforts to Prevent Breach.

by. Jeffrey Roman

Following the release of a new Senate report that analyzed how Target Corp. possibly missed several opportunities to prevent a massive data breach last year, Sen. John Rockefeller, D-W.Va., grilled the company’s CFO at a March 26 hearing about the retailer’s actions.

During the Senate Commerce, Science and Transportation Committee hearing, Rockefeller questioned Target’s John Mulligan about the steps the company could have taken to prevent the breach that compromised 40 million credit and debit card details and personal information about 70 million customers.

“The report walked through many steps attackers had to go through in order to hack your company,” Rockefeller said during the hearing. “Then it explains how Target could have prevented the breach if you had stopped attackers from completing even just one of the steps [in the report].”

For example, the report prepared for the committee notes that Target gave network access to a third-party vendor, which did not appear to follow broadly accepted information security practices. The vendor’s weak security apparently allowed the attackers to gain a foothold in Target’s network, the report notes (see: Target Vendor Acknowledges Breach).

continue reading »