WASHINGTON — Attorney General Eric Holder on Monday called on Congress to create and pass a national data-breach notification standard to quickly alert consumers when their personal information might have been compromised in a cyber attack and strengthen the Department of Justice’s authority to combat cyber crimes.
“Last year, Target, the second-largest discount retailer in the United States, suffered a massive data breach that may have compromised the personal information of as many as 70 million people, in addition to credit and debit card information of up to 40 million customers,” Holder said in a video posted on the agency’s Web site. “The Department of Justice is currently investigating this breach in close coordination with the United States Secret Service and we are moving aggressively to respond to hacking, cyber attacks and other crimes that harm American consumers and expose personal or financial information to those who would take advantage of their fellow citizens.”
He also pointed to the breach at Neiman Marcus that potentially affected 1.1 million consumers. He said, “As we have seen, especially in recent years, these crimes are becoming all too common and they have the potential to impact millions of Americans every year.”
Holder urged lawmakers to pass legislation to help law enforcement crack down on cyber crimes and create a national standard requiring businesses to notify consumers quickly when a data breach is discovered.
“This would empower the American people to protect themselves if they are at risk of identity theft,” Holder said. “It would enable law enforcement to better investigate these crimes and to hold compromised entities accountable when they fail to keep sensitive information safe.”
He added that he is also seeking “reasonable exemptions for harmless breaches” in the legislation that “avoid placing unnecessary burdens on businesses that do act responsibly.”
Lawmakers held a series of hearings on the data security breaches this month in the wake of the high-profile attacks at Target and Neiman’s, and some have said they are crafting legislation that would establish a national data-breach notification standard.
Sen. Patrick Leahy (D., Vt.), chairman of the Senate Judiciary Committee, has tried to advance his own data-privacy legislation since 2005. The bill, which he reintroduced in early January, would establish a national standard for data-breach notification and require U.S. businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats.
The retail industry’s two top trade groups have formed a partnership with the financial services industry to focus on improving threat-information sharing, strengthening card security technology and improving the security of e-commerce purchases and mobile transactions.