Target’s CFO in Washington: Retailer Is “Deeply Sorry” for Breach


Target’s (NYSE:TGT) Chief Financial Officer John Mulligan testified before the U.S. Senate Judiciary Committee Tuesday after he was called to represent the retailer during the hearing on its large-scale security breach. The committee hearing is the first step in a series of congressional panels that have been planned to investigate the Target breach, along with a number of other incidents. Executives from both Target and Neiman Marcus appeared before Congress this week to share their insights on the cases of data theft they both suffered in December, and they each offered possible explanations for what went in to their respective breaches.

According to Reuters, Target representatives appeared deeply apologetic in Washington Tuesday, as Mulligan shared that he and his team were “deeply sorry” for the massive data breach the retailer suffered, while maintaining that the attack “only strengthened our resolve.” Mulligan made it clear that Target recognizes that the breach has led to a decline in its consumers’ trust, but the CFO still asserted, “We will learn from this incident and, as a result, we hope to make Target, and our industry, more secure for customers in the future.”

It was back in mid-December that we first learned of Target’s massive security breach that resulted in the theft of about 40 million credit and debit card records, as well as 70 million other records with customer information. Mulligan explained in Washington this week that the retailer first started its investigation of the breach on December 12 after the Justice Deparment notified the company of suspicious activity involving payment cards used at Target stores.

Three days later, Target confirmed that criminals had hacked its system, stealing payment card data, but the company assured officials that it was that same day that Target removed the malware from all of its U.S. sales registers. Mulligan explained to the U.S. Senate Judiciary Committee, as reported via Reuters, “We now know that the intruder stole a vendor’s credentials to access our system and place malware on our point-of-sale registers. The malware was designed to capture payment card data from the magnetic strip of credit and debit cards prior to encryption within our system.”

Congress has made it clear that it wants proof from retailers that they are taking the next necessary steps to strengthen their security, ensure their consumers’ safety, and guarantee that destructive hacks such as Target’s don’t continue in the future. According to Reuters, Target made those promises Tuesday as Mulligan assured that moving forward, the company has already and will continue to take steps to bolster its security and increase fraud detection for its Target REDcard holders. Executives are also looking into more advanced chip technology for its REDcards, and there is speculation that the Minnesota-based retailer will launch a $100-million chip-enabled smart-card program by early 2015. Those rumors have not yet been confirmed.

Along with Mulligan, Neiman Marcus Group Senior Vice President Michael Kingston appeared at the hearing on Tuesday. The main objective of the hearing is to examine how consumers were affected by Target and Neiman Marcus’ data breaches, as well as determine what retailers can do in the future to protect themselves from such damaging invasions. It is not expected that the reviews will result in any kind of action or legislation on the part of Target, and because the retailer is still in the thick of its own investigation, it is unlikely any data regarding how the breach occurred will be made available. However, the hearing is expected to be helpful in the way it draws conclusions over the necessary security precautions that need to be taken by retailers and how consumers can maintain confidence moving forward.

More From Wall St. Cheat Sheet: