Security Secrets Create Hurdles for Lawmakers
While lawmakers this week were looking to get to the bottom of the recent data breaches at Target and Neiman Marcus and possibly craft legislation to respond to those attacks, they were faced with a stark reality from the investigations: They and the public won’t be getting solid answers anytime soon.
Representatives from both companies appeared before congressional committees, as did William Noonan, deputy special agent in charge at the Secret Service, which is investigating the breaches under its jurisdiction over financial crimes.
But those officials said they weren’t able to do much more than talk in generalities about breaches and security procedures. Noonan said Target and Neiman Marcus were hit by “highly technical criminal organizations” over a “heavy period of collection time,” although he could not elaborate more while the investigation is under way.
“I think you’re getting this from the media, perhaps,” Noonan told Montana Democrat Sen. Jon Tester during a Monday hearing, noting that the attackers in the Target breach collected customer information as it came into the company, not when it was stored on its networks. “There’s more to the investigation.”
Troy Leach, chief technology officer for the PCI Security Standards Council, a payment card industry group, said in an interview that details about data breaches always trickle out, rather than flow. Retailers facing litigation won’t talk about technical details, he said, and law enforcement agencies won’t open up until they’re done with lengthy investigations.
Without that sort of information, there’s little the government or other private sector entities can do to respond to specific threats that lead to breaches.
“Everybody’s got an opinion, but nobody’s really got an idea of the cause of this thing, because there are really only a couple of people examining it,” he said. “There’s Target, there’s whatever company they’ve hired to do the forensics, and ultimately they will share that information with the credit card companies. And probably the Secret Service knows something about what’s going on. But none of these people are talking.”