Minneapolis – John Mulligan, executive VP and CFO of Target, said the retailer is deeply sorry for its late 2013 data security breach and is aware that consumer confidence in the company is shaken; his comments came during Feb. 4 testimony before the Senate Judiciary Committee.
According to Reuters, Mulligan also said that Target discovered 25 registers infected with malware on Dec. 18, contradicting an earlier statement from the retailer that all malware had been removed by Dec. 15.
Mulligan also said Target is thoroughly reviewing the security of its payment network and issuing new cards to customers who request them. He said the Department of Justice initially informed Target of suspicious card activity on Dec. 12, and the company then investigated, removed malware and publicly announced the breach Dec. 19.
Senators on the committee said U.S. retailers need to adopt both chip-based payment cards and four-digit customers PINs to go with them. Mulligan said Target wants to switch to chip-and-PIN card payment but so far banks have not supported the move. Committee chairman Patrick Leahy (D-Vt.) has proposed legislation to create a national standard for companies to report data breaches to the public, which has been endorsed by Federal Trade Commission chairwoman Edith Ramirez.
In addition, Michael Kingston, senior VP and CIO at Neiman Marcus Group, testified that a processing firm informed Neiman Marcus of a data breach on Dec. 13, and the retailers informed the public on Jan. 10. Neiman Marcus concluded that the breach occurred between July 16 and Oct. 30.