The sign outside the Target store is seen in Arvada, Colo, on Jan. 10, 2014. Credit: Reuters
Target Corp. has agreed to testify before Congress in early February about a data breach that compromised credit and debit card and personal data of millions of customers, a House of Representatives subcommittee said on Thursday.
Representative Lee Terry, who chairs the commerce, manufacturing and trade subcommittee of the House Committee on Energy and Commerce, said in a statement that a hearing conducted by his panel would examine such data breaches and their effect on consumers.
The subcommittee said it expects to take testimony from law enforcement officials and others, in addition to one or more representatives of Target, the third largest U.S. retailer.
Target has said a breach of its networks during the busy holiday shopping period resulted in the theft of about 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.
"By examining these recent breaches and their consequences on consumers, we hope to gain a better understanding of the nature of these crimes and what steps can be taken to further protect information and limit cyber threats," Terry said.
The subcommittee has approached the U.S. Secret Service, the lead investigator into recent data breaches at both Target and Neiman Marcus, and its parent agency, the Department of Homeland Security, about participating in the hearing, a subcommittee official said.
Because the Target breach is under active investigation, the amount of detail that will discussed at the hearing on how the breach occurred and where investigations are headed is unclear.
Instead, the official said, the main objective of the hearing would be to examine how consumers were affected by the data breach and what they can do to protect themselves against such data intrusions.
"We are continuing to work (with) elected officials to keep them informed and updated as our investigation continues," Target said."
No federal laws exist that set out standard rules for when and how companies must report data breaches to customers and law enforcement agencies
As a result, the lack of federal regulations means that U.S. agencies such as the Secret Service may not have been notified by companies of all major recent breaches.
Separately, leaders of the Senate Commerce Committee have written to Target seeking information about the recent breach from the retailer's security officials.