Data breaches at U.S. retail stores presents a dramatically escalating theft problem for the country, participants at a hearing in Washington said Tuesday.
The Senate panel on the judiciary heard from executives from department store Neiman Marcus and Target, the country's second largest retailer after Walmart, which reported a data breach that affected 110 million customers through the 2013 holiday shopping season.
Neiman Marcus Senior Vice President and Chief Information Officer Michael Kingston said Tuesday the data breach that hit Neiman Marcus included data theft that occurred in 77 of the companies 85 stores between July and October of 2013.
Both Kingston and Target Chief Financial Officer John Mulligan said their stores had reacted swiftly to the breaches by alerting authorities and extensive, in-house forensic investigations.
The problem was summed up in opening remarks by Sen. Patric Leahy, D-Vt., who said, "I know never had a time my wife and I have been so assiduous at checking our credit card bills. But that's the same with everybody."
The issue of compromised personal financial information has involved "more than 662 million records ... since 2005," Leahy said, using numbers from the Privacy Rights Clearing House.
In addition, "It's not like when somebody comes and robs a store. You know where it happened. You have some general idea of where the perpetrator is. Here the perpetrator could be thousands upon thousands of miles away in another country," Leahy said.
"This is truly disturbing," said Delara Derakhshani, policy council of Consumers Union, the policy and advocacy division of Consumers Reports.
"Of particular concern is debit cards, which carry fewer legal protections," she said.
Although laws keep consumers from feeling the full impact of a theft made with their personal information, "if someone steals their debit card data or PIN number, data thieves can still empty out a consumer's bank account and set off a cascade of bounced checks and late fees which victims will have to settle down the road," Derakhshani said.
Leahy named a few of the businesses and agencies that have been hit by hackers in recent years. The list includes "Sony, Epsilon, Coca-Cola ... the Departments of Veterans Affairs [and U.S. Department of] Energy."
"The past few days we also learned of data breaches at Yahoo! and White Lodging, which is a hotel management company for a national chain such as Marriott and Starwood," Leahy said.
"Businesses that suffer cyberattacks are also often the victims of a cybercrime," he noted.
"A recent study sponsored by Symantec found that data breaches involved in malicious cyberattacks are the most costly data breaches around the globe. The per capita cost of such cyberattacks in the United States was $277 for compromised record in 2013, times that by millions upon millions upon millions. It's the highest cost for any nation that's been surveyed," Leahy said.