JERSEY CITY, NJ - U.S. Senator Robert Menendez (D-NJ) today announced that he has sent a letter to the head of the Federal Trade Commission requesting an update in its efforts into last week's security breach at Target Corporation retail stores. In addition, he has asked the FTC to recommend any further legislative action that will ensure consumers are better protected.

"Our country's consumers depend upon safe and secure transactions, and especially at this crucial time of year, our country's retailers must commit to fulfilling that expectation," Sen. Menendez wrote to FTC Chairwoman Edith Ramirez. "Unfortunately, these data breaches are becoming increasingly common."

"I applaud Senator Menendez in his efforts to guard the American consumer from retailer's failures when it comes to security breaches," said Congressman Albio Sires (D-NJ). "I intend to support similar legislation with my colleagues in the House of Representatives in ensuring security breaches such as this one does not happen again and to make sure all transactions are protected and secure."

Target announced that a data breach had occurred between November 27 and December 15, 2013 affecting roughly 40-million credit and debit card accounts, compromising customers' names, card information and security codes to hackers. While Target has reassured its customers that the breach has been resolved, it has not publically disclosed how the perpetrators managed to slip past its data security.

"The 40-million compromised accounts represent one of the largest corporate security breaches in history, potentially exposing millions of people who shopped this holiday season to fraudulent charges, identity theft, and other inexcusable hardships," Sen. Menendez continued.

Sen. Menendez asked Chairwoman Ramirez the FTC needs further legislative authority to hold retailers accountable for failures to protect consumers' sensitive data. He noted that when the FTC settled charges it brought against the parent company of TJ Maxx and Marshalls after it experienced a massive data breach in 2006, it was not permitted to levy fines or penalties. The company did, however, agree to upgrade its data security and submit itself to periodic third-party audits.

"Protecting both consumer confidence and our national economy, as well as the identity of the American consumer, is vital not only during the holiday shopping period, but throughout the year," said Jersey City Mayor Steven M. Fulop. "Senator Menendez is on the mark for pushing the FTC on its investigation and to make recommendations that would ensure better consumer protection."

A member of the Senate Committees on Banking, Housing and Urban Affairs, and Finance, Sen. Menendez has led efforts to ensure consumers are protected and able to make informed choices:

  • Last Thursday, December 19th, Sen. Menendez introduced the Prepaid Card Consumer Protection Act Of 2013 to rein in hidden fees and strengthen financial protections for consumers who use prepaid cards. The bill also requires full disclosure of all fees before a consumer buys the card.
  • On December, 16th, he introduced The TOTAL Act to protect online shoppers from hidden fees by requiring retailers to provide a final tabulation of charges before orders are placed. It also would expand the FTC's authority to give customers a right to a "confirm screen" and also provide for dual enforcement at the state level.
  • The author of the Clean Airfares Act, Sen. Menendez, last week, joined Sens. Charles Schumer and Barbara Boxer in a letter to Department of Transportation Secretary Anthony Foxx and Office of Management and Budget Director Sylvia Mathews Burwell urging them to expedite approval of regulations that would require airlines to fully disclose ancillary fees associated with a passenger's purchase of a ticket on their websites.
  • In the last Congress, Sen. Menendez introduced the Cybersecurity Enhancement Act of 2011, which aimed to improve cybersecurity coordination among government agencies and fund research grants to develop a long-term anticipatory cybersecurity plan.

Full text of the letter to Chairwoman Ramirez follows and can be downloaded here:

December 20, 2013

Edith Ramirez
Chairwoman
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

Dear Chairwoman Ramirez:

I write regarding the recent customer data breach at Target Corporation retail stores. Our country's consumers depend upon safe and secure transactions, and especially at this crucial time of year, our country's retailers must commit to fulfilling that expectation. Unfortunately, these data breaches are becoming increasingly common. Therefore, I write to request an update on the Federal Trade Commission's efforts in regard to this and other data breach situations, as well as whether additional legislative support would help to protect consumers.

As you know, on December 19th, Target announced a data breach that affected roughly 40 million credit and debit card accounts, including customers' names, card information, and security codes. While Target has claimed that the breach has been resolved, it still has not publically disclosed the means or methods used by the perpetrators of the data breach. The 40 million compromised accounts represent one of the largest corporate security breaches in history, potentially exposing millions of people who shopped this holiday season to fraudulent charges, identity theft, and other inexcusable hardships.

The FTC has authority to ensure that companies protect consumer's privacy, and I request an update on your agency's efforts to enforce this mandate. Both Section 5 of the FTC Act and other related provisions authorize FTC action in certain cases, particularly when companies pledge to protect consumer information and fail to uphold that promise. Therefore, I ask for an update on what the FTC is doing in response to this latest breach, as well as the FTC's efforts to ensure that similar data breaches do not occur in the future.

Additionally, I write to ascertain whether any legislative fixes may be necessary. When the parent company of TJ Maxx and Marshalls experienced a similarly large data breach in 2006, the FTC brought charges to hold the company accountable. The resulting settlement brought needed upgrades to the parent company, including periodic audits by third-party vendors and additional data security measures, yet the FTC Act did not permit the levying of fines or penalties. Therefore, I write to ask whether the FTC needs additional legislative authority in order to ensure consumer protection and improve retail outlets' ability to protect consumers' sensitive data.

Securing customers' data benefits both consumers and retailers. These breaches endanger consumers' sensitive financial information while also harming the affected merchants. Our nation's regulators must be vigilant to ensure a safe and secure environment to protect all involved. I ask that you please provide a response regarding my requests. If you have any questions, please contact my Chief Counsel, Kerri Talbot, at (202) 224-4744.

Thank you for your continued work on this issue. I look forward to hearing from you.

Sincerely,

Robert Menendez
United States Senator

###