Target's John Mulligan grilled by Senate committee over data breach

Categories: Target
John Mulligan, Target chief financial officer and executive vice president
Target CFO John Mulligan took heat this morning from U.S. senators about the recent massive data breach. He apologized, once again, on behalf of the company but urged the government to work with the private sector in thwarting cyber attacks of retailers.

"To prevent this from happening again, none of us can go it alone," Mulligan said. "We need to work together."

SEE ALSO: Massive Target data breach affects in-store shoppers who used credit cards

In response to breaches at Target as well as Neiman Marcus, Sen. Patrick Leahy of Vermont has reintroduced legislation that would penalize companies that hide data breaches and establish a nationwide standard for notifying consumers when it happens. Leahy chairs the Senate Judiciary Committee, which includes both Minnesota's senators, Al Franken and Amy Klobuchar.

"Our laws have to be as sophisticated as the crooks who are breaking them," Klobuchar said Tuesday.

She asked a panel of retail, security, and consumer representatives what is preventing American retailers from adopting smart-chip credit card technology, which is more difficult to duplicate and has been adopted in Europe.

Mulligan responded that Target tried out the "chip-and-pin" cards as early as 2003 but there wasn't broad support from other retailers. He said the company plans to give it another shot by early 2015.

Minnesota senators Amy Klobuchar and Al Franken
The harshest criticism of the morning came from Democratic Sen. Richard Blumenthal of Connecticut. At one point, he speculated whether "the continuing series of significant, even sensational, breaches" was "an indictment of the American retailing industry in its failure to protect consumer information," to which no one answered directly.

Mulligan's apology was coupled with a defense of the company's handling of the breach. He insisted that Target had spent millions in recent years to boost cyber security and train staff.

However, as a recent New York Times article noted, "Entering through a digital gateway, the criminals discovered that Target's systems were astonishingly open -- lacking the virtual walls and motion detectors found in secure networks like many banks'."

During the hearing, Franken quoted from the NYT article and threw out statistics that the U.S. accounts for a quarter of the world's payment card transactions but half of world's credit fraud.

In explaining why he's co-signing Leahy's bill, Franken added, "I think the people have a fundamental right to privacy. Part of that right is knowing that your data is secure."

-- Follow Jesse Marx on Twitter @marxjesse or send tips to

Sponsor Content

My Voice Nation Help
CinBlueland topcommenter

Not sure what Bob has been smoking, but in most orgs/corps Security is almost like the NSA.

Varies from company to company but in general they've got a good idea of what you're clicking.

Target got nailed by a breach with a contractor and yet they're dragged in front of Congress?!

Security experts around the country have cited how bad the security is on state and Fed health care sites.. Never mind.. it's just your SS ID and personal info.. nothing important like your credit card that you can cancel.. 

Well, heard they are behind on numbers.. Hurry up Obamamites!! Sign up today for your country!!  

**Shaddup, don't want to hear that you are healthy or just a poor student.. Sign up!! We need your money to make this work.  Trust us, we're the gov't when you're older and have a knee issue from 20 yrs of riding your bike you'll go to the head of the line and get the most advanced treatment available.

Bob B Bopp
Bob B Bopp

Maybe it was all an inside job and members of congress are interviewing for a slice of the pie?

Lisa Cooney Weimar
Lisa Cooney Weimar

Interesting use of the word "grilled". Per usual, the media=drama.

Bob Alberti
Bob Alberti

You know what the biggest security vulnerability is for most businesses, such as Target? The security group reports to the IT department. That's a conflict-of-interest that dooms many organizations to substandard security, because the job of IT is to keep the business running, and sometimes the job of security is to stop the business from running insecurely. So whenever it's a choice between "do it fast and make money" and "slow down and be safe," business stomps on the gas pedal - and on information security. To be more secure, business needs to restructure itself so that information security is in an ADVERSARIAL role with IT, not the present SUBORDINATE role. The Chief Information Security Officer ought to report to either the Board, the CEO, or the Chief Financial Officer (who is qualified to assess and valuate risk). Target has a robust security team, many of whom I know and some of whom have been my colleagues from time to time. Target spends lots of money on IT and on Security. But security at Target doesn't report to the CFO, so why is Congress grilling the CFO? Until business resolves this fundamental conflict of interest, fast and wrong will beat slow and right every single time.

Now Trending

Minnesota Concert Tickets

From the Vault