Morning Security Brief: Target CFO Testifies on Capitol Hill, Tech Companies Reveal NSA Data Requests, and More
Target Corp. CFO John Mulligan is scheduled to testify today before the Senate Judiciary Committee regarding the security breach at the giant retailer; tech companies are disclosing how many users were affected by the NSA's information requests; the GAO issues a new report about a program designed to reduce crashes among commercial trucks and buses; and more.
► The chief financial officer of Target Corp., John Mulligan , will take the stand today on Capitol Hill to testify before the Senate Judiciary Committee regarding the massive security breach at the Minneapolis-based retailer in December. “Lawmakers are expected to grill Mulligan on the details of how hackers gained access to the payments data or personal information of up to 110 million Target customers late last year,” the Minneapolis Star Tribune reports. Appearing alongside Mulligan at the hearing will be federal officials tasked with protecting consumer information. Up until now, Target has said little publicly about the attack, citing its responsibility to prepare customer call centers and local stores before releasing too much information. There are four hearings on Capitol Hill scheduled for this week regarding data security breaches and what to do about them.
► Tech companies Google, Microsoft, Yahoo, Facebook, and LinkedIn have released new data related to information requests made to them by the National Security Agency (NSA), revealing that “tens of thousands of user accounts were affected in 2013 alone,” according to an article on TIME.com. “The new data disclosures are the result of a legal battle over transparency waged by the tech giants against the Justice Department following revelations by former NSA contractor Edward Snowden, who leaked documents to the press describing the role of tech and telecom companies in secret U.S. surveillance programs.” Under the Foreign Surveillance Intelligence Act (FISA), the NSA made requests to the tech companies for everything from e-mails, videos, and chat conversations of users. The government agreed only to allow the companies to disclose in broad numerical ranges how many users were affected; the organizations are still calling for greater transparency.
► The Government Accountability Office (GAO) has issued a report regarding the Federal Motor Carrier Safety Administration's (FMCSA) Compliance, Safety, Accountability (CSA) program. This program is designed to reduce the number of crashes and fatalities related to large commercial truck and bus accidents. The report says one of the key components of that program, the Safety Monitoring System (SMS), is unreliable. The system is based on carrier performance data collected on the vehicles during crashes to determine which carriers are high-risk for accidents. But the GAO says that crashes do not occur often enough to create a strong predictive relationship based on that data. “Revising the SMS methodology would help FMCSA better focus intervention resources where they can have the greatest impact on achieving this goal,” the report states.
► In other news, Holiday Inn and Marriot hotels are reporting a possible breach of their payment card system, affecting 14 of its properties between March 20 and December 16, 2013. ⇒ The United Nations Security Council has called on rebel leaders in Mali to resume talks with the government to prevent further violence. ⇒ ZDNet reports the Wi-Fi login and password credentials for the stadium’s internal network where the Super Bowl was hosted were inadvertently broadcast on a huge monitor inside a security center before the game.