{
  "id": "R43496",
  "type": "CRS Report",
  "typeId": "REPORTS",
  "number": "R43496",
  "active": true,
  "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department",
  "versions": [
    {
      "source": "EveryCRSReport.com",
      "id": 438133,
      "date": "2015-02-04",
      "retrieved": "2016-04-06T19:32:05.731343",
      "title": "The Target and Other Financial Data Breaches: Frequently Asked Questions",
      "summary": "In November and December of 2013, cybercriminals breached the data security of Target, one of the largest U.S. retail chains, stealing the personal and financial information of millions of customers. On December 19, 2013, Target confirmed that some 40 million credit and debit card account numbers had been stolen. On January 10, 2014, Target announced that personal information, including the names, addresses, phone numbers, and email addresses of up to 70 million customers, was also stolen during the data breach. A report by the Senate Committee on Commerce in March 2014 concluded that Target missed opportunities to prevent the data breach. \nTarget. To date, Target has reported data breach costs of $248 million. Independent sources have made back-of-the-envelope estimates ranging from $240 million to $2.2 billion in fraudulent charges alone. This does not include additional potential costs to consumers concerned about their personal information or credit histories; potential fines or penalties to Target, financial institutions, or others; or any costs to Target related to a loss of consumer confidence. The breach was among the largest in U.S. history.\nConsumer concern over the scale of this data breach has fueled further congressional attention on the Target breach and data security and data breaches more broadly. In the wake of Target\u2019s revelations, between February 3 and April 2, 2014, Congress held seven hearings by six different committees related to these topics. In addition to examining the events surrounding the Target breach, hearings have focused on preventing such data breaches, improving data security standards, protecting consumers\u2019 personal data, and notifying consumers when their data have been compromised. \nOther financial data breaches. In addition to Target, there have been data breaches at Home Depot, JPMorgan Chase, Sony, and Adobe. Payment card information was obtained at Adobe and Home Depot. Hackers downloaded a wide range of company confidential information at Sony, and they obtained contact information in the JPMorgan Chase breach.\nPolicy options discussed in these hearings include federal legislation to require notification to consumers when their data have been breached; potentially increase Federal Trade Commission (FTC) powers and authorities over companies\u2019 data security; and create a federal standard for the general quality or reasonableness of companies\u2019 data security. The hearings also broached the broader question of whether the government should play a role in encouraging or even requiring companies to adopt newer data security technologies. \nNone of the legislation introduced in the 113th Congress that addressed these various issues became law. In 2014 and 2015, the Obama Administration encouraged Congress to pass legislation on data security and data breach notification. Attorney General Eric Holder issued a public statement in the wake of the Target breach on February 24, 2014, that urged Congress to pass a federal data breach notification law, which would hold entities accountable when they fail to keep sensitive information safe. The FTC also called on Congress to pass a federal data security law, including data breach notification and to increase the commission\u2019s explicit statutory authority over data security issues. \nKey questions. This report answers some frequently asked questions about the Target and selected other data breaches, including what is known to have happened in the breach, and what costs may result. It also examines some of the broader issues common to data breaches, including how the payment system works, how cybersecurity costs are shared and allocated within the payment system, who bears the losses in such breaches more generally, what emerging cybersecurity technologies may help prevent them, and what role the government could play in encouraging their adoption. The report addresses policy issues that were discussed in the 113th Congress to deal with these issues. \nUpdating. This report will be updated as warranted by legislative action in the 114th Congress and by further payment system developments.",
      "type": "CRS Report",
      "typeId": "REPORTS",
      "active": true,
      "formats": [
        {
          "format": "HTML",
          "encoding": "utf-8",
          "url": "http://www.crs.gov/Reports/R43496",
          "sha1": "0c9a8afd732d8565f8c666003b7470a9a8f9ecec",
          "filename": "files/20150204_R43496_0c9a8afd732d8565f8c666003b7470a9a8f9ecec.html",
          "images": null
        },
        {
          "format": "PDF",
          "encoding": null,
          "url": "http://www.crs.gov/Reports/pdf/R43496",
          "sha1": "104037399960a5fb03ff54c39614315ac2664829",
          "filename": "files/20150204_R43496_104037399960a5fb03ff54c39614315ac2664829.pdf",
          "images": null
        }
      ],
      "topics": [
        {
          "source": "IBCList",
          "id": 4300,
          "name": "Cybersecurity"
        }
      ]
    },
    {
      "source": "University of North Texas Libraries Government Documents Department",
      "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc306542/",
      "id": "R43496_2014Apr22",
      "date": "2014-04-22",
      "retrieved": "2014-07-08T21:53:44",
      "title": "The Target Data Breach: Frequently Asked Questions",
      "summary": "This report answers some frequently asked questions about the Target (store) data breach, including what is known to have happened in the breach, and what costs may result. It also examines some of the broader issues common to data breaches, including how the payment system works, how cybersecurity costs are shared and allocated within the payment system, who bears the losses in such breaches more generally, what emerging cybersecurity technologies may help prevent them, and what role the government could play in encouraging their adoption, as well as some of the legislation that the 113th Congress has introduced to deal with these issues.",
      "type": "CRS Report",
      "typeId": "REPORT",
      "active": false,
      "formats": [
        {
          "format": "PDF",
          "filename": "files/20140422_R43496_23bcee0b0a37f2232c155596012cff714207a323.pdf"
        },
        {
          "format": "HTML",
          "filename": "files/20140422_R43496_23bcee0b0a37f2232c155596012cff714207a323.html",
          "source": "pymupdf"
        }
      ],
      "topics": [
        {
          "source": "LIV",
          "id": "Data transmission systems",
          "name": "Data transmission systems"
        },
        {
          "source": "LIV",
          "id": "Electronic data interchange",
          "name": "Electronic data interchange"
        },
        {
          "source": "LIV",
          "id": "Electronic data processing",
          "name": "Electronic data processing"
        }
      ]
    }
  ],
  "topics": [
    "Economic Policy",
    "Foreign Affairs",
    "Industry and Trade",
    "Intelligence and National Security"
  ]
}