After an estimated 40 million credit and debit cards were breached and names, addresses and phone numbers for nearly 70 million people were swiped, one would expect that it was only a matter of time before the Department of Justice (DOJ) decided to do a little investigating of its own of retail giant Target.
On Jan. 29, U.S. Attorney General Eric Holder confirmed to the Senate Judiciary Committee what many had suspected: The DOJ will investigate the massive data breach and determine how the retailer had let the incident occur.
“The Department of Justice takes seriously reports of any data breach, particularly those involving personally identifiable or financial information, and looks into allegations that are brought to its attention,” Holder said at the government meeting.
Although the DOJ typically does not announce these investigations publicly, especially in their early stages, the massive scope of the Target breach makes this particular case unique.
“While we generally do not discuss specific matters under investigation, I can confirm the department is investigating the breach involving the U.S. retailer, Target,” said Holder. “And we are committed to working to find not only the perpetrators of these sorts of data breaches – but also any individuals and groups who exploit that data via credit card fraud.”
According to USA Today, Target has agreed to work with federal officials in the government’s investigation. But that just adds more work for the Target in-house legal team: Just four days after Target’s initial breach announcement, 11 class action lawsuits had already been filed against the company, and many more have poured in since that point.
However, while Target may be the largest breach, it is not the only company facing current data security concerns. On Jan. 22, high-end retailer Neiman Marcus reported that a potential data breach had resulted in approximately 2,400 customers’ cards being used improperly. And LabMD and Wyndham Worldwide have ended up in court cases of their own following data breaches, challenging the government response to their respective company’s data concerns.
In the wake of these cybersecurity issues, big U.S. retailers have called on Congress for more regulation for data breach issues. The Federal Trade Commission has also recently pushed to be given more power to become the full regulatory body for cybersecurity concerns.
Cybersecurity is on the top of mind for many in-house counsel, and InsideCounsel has all angles covered: