Three ranking Democratic lawmakers wrote Target's CEO seeking cybersecurity documents and whether the firm knew its POS terminals were infected with malware before the breach.
The three legislators, Henry Waxman (D-Calif), Diana DeGette (D-Colo.) and Jan Schakowsky (D-Ill.), noted that the House Committee on Energy and Commerce plans a hearing on the breach on Feb. 5, and said they requested the documents in advance of the hearing.
Waxman is the Ranking Member on the Commerce Committee, and DeGette and Schakowsky are the Ranking Members on its Subcommittee on Oversight and Investigations and Subcommittee on Commerce, Manufacturing and Trade, respectively.
The Jan. 23 letter was directed to Target CEO Gregg Steinhafel.
The legislators asked for all written policies and guidelines related to threat monitoring, network security and POS system protection; documents indicating how much money Target spent on network security in 2013, and whether or not additional personnel were hired or materials purchased to protect the systems during the holiday shopping season; all email correspondence, analysis or reports concerning the Kaptoxa malware package and POS system security prior to the breach; and, all documents related to Target's response and public notification after the breach.
The legislators wrote that a lot of the information is sensitive and that the investigation into the breach is ongoing. Nevertheless, the legislative trio wrote “[t]he Committee has a long history of working with confidential and classified material in a sensitive manner and we are happy to work with you and your staff to ensure that this is the case in this investigation.”