MINNEAPOLIS — John Mulligan, EVP and CFO of Target, said the retailer is deeply sorry for its late 2013 data security breach and is aware that consumer confidence in the company is shaken; his comments came during a Feb. 4 testimony before the Senate Judiciary Committee.
According to Reuters, Mulligan also said that Target discovered 25 registers infected with malware on Dec. 18, contradicting an earlier statement from the retailer that all malware had been removed by Dec. 15.
Mulligan also said Target is thoroughly reviewing the security of its payment network and issuing new cards to customers who request them. He said the Department of Justice initially informed Target of suspicious card activity on Dec. 12, and the company then investigated, removed malware and publicly announced the breach Dec. 19.
Senators on the committee said U.S. retailers need to adopt both chip-based payment cards and four-digit customer PINs to go with them. Mulligan said Target wants to switch to chip-and-PIN card payment, but so far banks have not supported the move. Committee chairman Patrick Leahy (D-Vt.) has proposed legislation to create a national standard for companies to report data breaches to the public, which has been endorsed by Federal Trade Commission chairwoman Edith Ramirez.