Washington, CT - In response to reports of imminent or ongoing massive cyberattacks on major retailers, U.S. Senator Richard Blumenthal (D-Conn.) today called for immensely strengthened safeguards against hacking and immediate notification for consumers. He pointed to glaring gaps in the protection of consumer information, which led to the successful theft of valuable data from Target and Neiman Marcus, and unacceptable delays by both major retailers in informing consumers. Burgeoning black market sales of consumer information – information such as credit/debit card numbers, passcodes, three-digit security codes, addresses, and social security numbers –victimize consumers through identity theft and other fraud.
"Credible recent reports indicate that cyber thieves are mercilessly raiding retailers nationwide with new malware that puts customers at massive risk,” Blumenthal said. “Target may be only the tip of the information theft iceberg. Highly skilled and sophisticated hackers are reportedly using new Russian-invented malicious software to hack into numerous retailers – exploiting weak protective systems in unprecedented scale and scope. Federal law enforcement agencies are apparently alerting retailers to imminent or ongoing potential attacks.”
Blumenthal also noted recent reports of threatened cyberattacks using recently invented and implemented Russian malware – apparently used in the Target and other invasions to exploit glaring vulnerability at points of sale where magnetic strip cards are swiped.
“Consumers need and deserve to know about these data breaches, and retailers should be held accountable for failing to notify them more promptly,” Blumenthal said. “Retailers must implement better safeguards – technology readily available – to protect customer data now vulnerable at the checkout counter and back office server. Immediate notification is absolutely necessary so consumers can take precautions – monitoring credit bills and charges, for example – to protect themselves against identity theft.”
Blumenthal is a forceful advocate for consumer protection, especially when it comes to protecting consumers’ personal and financial information from data breaches. In December, Blumenthal urged Target to more quickly alert and assist customers whose personal and financial information had become vulnerable as a result of the November/December data breach. He urged Neiman Marcus to do the same the following month.
“I call on retailers to immediately buttress data wall protections – install the highest tech cyber fortress – to repel and deter hacker attacks. Retailers must notify customers the moment they know about a data breach, not when it fits a business strategy,” Blumenthal said. “I urge federal agencies to vigorously investigate and prosecute cyber thieves – and warn the public to create awareness. I will urgently work for legislation to require these steps – better protection, prompter notification, stiffer prosecution and punishment.”
Blumenthal added, “The President commendably cited concerns about private data collection in his speech Friday, noting that vital and valuable confidential consumer information is collected and stored by corporations of all sizes and shapes. Although government intelligence reform is in the headlines, we should be equally concerned about security of confidential information in private business hands – and protect privacy rights that may be vulnerable or violated.”
Blumenthal is the sponsor of the Personal Data Protection and Breach Accountability Act, legislation he introduced in 2011 that takes a substantive, multi-pronged approach to combating the risks associated with data breaches for both consumers and businesses. Specifically, the legislation would:
· Ensure companies take adequate steps to protect individuals from data breaches before they occur;
· Promote information sharing between companies to help prevent future breaches;
· Provide remedies to individual consumers in the wake of data breaches; and
· Allow consumers to recover damages for injuries caused by the failure of companies to protect their personal and financial information.
Although the Personal Data Protection and Breach Accountability Act was favorably reported out of the Senate Judiciary Committee during the 112th Congress, it was never enacted. Blumenthal will reintroduce the legislation this year.