US Senator Diane Feinstein on Tuesday has called for tightening of requirements for companies to initiate immediate notices to its customers should there be a data breach. Feinstein suggested this at a congressional hearing regarding data breach and cybercrime prevention.
The hearing was held in light of the successive massive breaches that happened at companies Target and Neiman Marcus. Executives of both retailers were present in the hearing to testify before the Senate Judiciary Committee, USA Today report said.
According to Neiman Marcus Senior Vice President Michael Kingston, the company first learned about a potential data security problem on December 17 when its credit processor Mastercard disclosed that 122 fraudulen cards has been used purchasing items at its store. Kingston added that forensic investigation on January 2 confirmed that the breach had affected the accounts of its 1.1 million customers.
Feinstein, who claimed during the hearing as a shopper at Neiman Marcus, said she personally was not notified about the breach. Moreover, she claimed that she had shopped at one of the retailer's stores at the time a malware had been poring over sensitive records of the retailer. She even shot down Kingston's claims that Neiman Marcus did send a warning on January 22, saying that it should have been earlier or from the moment it first spotted a potential breach.
"The public notification is always vague, it is non-specific. Then the customer finds out in other ways, sometimes brutal ways, (that their personal data has been stolen)," Feinstein retorted.
Target Executive Vice President and Chief Financial Officer John Mulligan said that the company has made efforts to inform its customers the soonest they confirm a data breach has occurred. "We have been moving as quickly as possible to share accurate and actionable information with the public. Speed is very important in letting consumers know what's going on," Mulligan stated.