[captioning performed by national captioning institute] [captions Copyright National cable satellite corp. 2014] in a few minutes we will be taking out to be woods in virginia, about 150 years to the civil war and the confederate soldiers. Civil war reenactors are out there, bringing to life the winter of 1864. Well also hear from the director of archaeology at James Madison montpelier. We will be looking for your call and tweets. You can join the conversation at twitter ata cspanhistory. Tonight the Washington PressClub Foundation 70 annual congressional dinner with the lighter side of capitol hill. Tomorrow kentucky senator rand paul is our guest on newsmakers. He talks about his potential run. Or president well take a look at some of the interview here. He said be careful. You could win. That is what he said about my senate race. Itave been looking at thursday because there are consequences to reading or office. What it isnd like for the travel requirements. We are thinking about it, discussing it at home. We will probably not make a decision until after the 2014 elections. Yikes if you ran, would you have to give up your senate seat . Is debatable. There are some laws we are looking at. We will know more. You will be the first to know what we come to a conclusion. I thought that was an interesting of the knowledge meant. There are many republicans, especially among the conservative states that are uneasy with the libertarian views on certain social issues. Do you think that the Republican Party needs to be somewhat less adopt a more embracing point of view if it is going to hang on to Younger Voters . Probably were going to have to have a party that is bigger, that includes evil that disagreed. One of the beauties of believing in federalism or that certain states and issues to say at the we couldel is that agree to disagree. The prevailing moon is quite a bit different than alabama. Now, unless the Supreme Court changes, they are allowing states to determine some of these rules. They would be a little different from state to state. I think maybe that is the better way to look at it. We will agree to disagree. You can hear more from senator paul on newsmakers. Also tomorrow, a look at thursdays hearing on targetedns the irs political groups. We will have that at 2 40 p. M. The new cspan. Org website makes it easy for you to find and watch all of the extensive coverage of official washington. Look for it on our homepage in a space called federal focus. Each day you will find comprehensive coverage of house and senate debates, events with the president and members of the cabinet. Press briefings from the white house, capitol hill, state department, and the pentagon. Oral argument and appearances by the justices. Ownh live or on your schedule. Federal focus on cspan. Or, making it easy to keep tabs on what is happening in congress, the courts. Is it a baking subcommittee heard from the secret Service Agent in charge of cyber investigations. He talked about the problems for shoppers at target in Nieman Marcus. The hearing is about one hour. Good morning. We are starting a little bit late. For that. E i appreciate everybody who is here today. From all over the state. There going to need to examine how we protect the data breaches in cyber crime in this digital age. Safeguarding American Consumers and businesses from data breaches and cyber crimes has been a priority of this committee since 2005. I have worked with members on both sides of the aisle to advance media protection legislation. I want to thank senator grassley for working with me very closely on this hearing. I hope we can continue working together to advance the personal data privacy and security act i recently introduced to protect American Consumers. You watch the news, you pick up the papers, you listen to the news, whatever. Most americans, myself included, have been alarmed by the recent data breaches at target and Nieman Marcus and michaels stores. The investigations of these Cyber Attacks are ongoing, but they compromise the privacy and security of millions of American Consumers, potentially putting one in three americans at risk of Identity Theft and other cyber crimes. I know my wife and i have never been so in deciduous in checking our credit card bills, but that is the same with everybody. I mention those three stores, those are all excellent stores. They are major parts of our economy. But we have to have faith in them. If we dont have faith in businesses ability to protect the personal information, the economic recovery is going to falter. In the digital age, major data breaches involving our private information are not uncommon. There have been significant data breaches involving sony, epsilon, cocacola, also some federal government agencies, department of veterans affairs, energy, dated breaches of yahoo and white lodge and others. Data breaches of yahoo and white lodge and others. So it wont seem like we are singling out just a few businesses, more than 662 million records have been involved in data breaches since 2005. We all agree, a cyber attack also for consumers who want to protect themselves against further exposure, it is not like someone comes in and robs a store, you know where it happened and you have some general idea of where the perpetrator is. Here, the perpetrator could be thousands of miles away in another country. American consumers deserve to know when their private information has been compromised. Most of us rely on being able to do a lot of our business electronically. But we should also remember that the businesses that suffer Cyber Attacks are also often the victims of a cyber crime. A recent study found that data breaches involved in malicious Cyber Attacks are the most costly data breaches around the globe. The per capita cost of Cyber Attacks in the United States was 277 per compromised record in 2013. Times that by millions upon millions. The highest cost for any nation, and if you are in a fragile economic recovery, this is a significant hindrance to recovery. So before the Judiciary Committee today, symantec, and we will hear from the u. S. Secret service, department of justice, federal trade commission. We are facing threats to our privacy and security unlike any time before in our nations own history. We have also had hearings about threats to our privacy by our own government agencies. I hope in this particular one we can get some good bipartisan support, get some data privacy legislation on here. I think we will all be better for it. Senator grassley. Very important that we have this hearing. We have had wellpublicized commercial data breaches. We are still learning about the details. This hearing will help bring more details out, i hope. It is clear that these and other breaches have intentionally potentially impacted tens of millions of consumers nationwide. Todays opportunity is to learn about the challenges that both industry and Law Enforcement face in combating Cyber Attacks from wellorganized criminals. The witnesses have the unique ability to provide us various important perspectives as we consider the governments role in securing Sensitive Data and crafting a breach notification standard. I hope to learn where the committees expertise could be helpful in combating future attacks. Furthermore, i would like to use this hearing to explore areas of Common Ground so that we can determine what might be accomplished quickly. It had been a couple of years since our committee has considered Data Security legislation. In that time we have learned a lot about the subject, thanks to broader Cyber Security conversations. The proposals offered by the administration and discussed in congress along with other government initiatives can be helpful for us to proceed as we consider what to do with this legislation. When considering Data Security requirements, our approach should provide flexibility and also account for businesses of different sizes and different resources. In a world of crafty criminals, it seems to me that onesizefitsall approach will not work or at least will not work for everybody. Instead, lets see how the government can partner with private business to strengthen Data Security. An example may be the National Institute of standards and technology Cyber Security framework, which has received bipartisan support, and as far as the senate is concerned, unless it is bipartisan, it isnt going to go anywhere. Thats not because theres something wrong with democrats or republicans. That is the institution itself. As we discussed the creation of a federal breach notification standard, we must avoid the risk of consumer over notification, just as there is a potential for harm when a victim isnt notified of a breach, over overnotification can lead to harm and apathy. As time permits, i want to explore these and other issues today, and will be available to discuss things beyond the committee process, either with colleagues or with other people. If everyone works together, it seems to me we can tackled these problems and hopefully limit future attacks. Thanks again, mr. Chairman. I ask unanimous consent to include my full statement in the record along with statements we received from these groups, the National Business coalition on ecommerce and privacy, the payment card industry, the National Association of federal credit unions, the american bankers association, National Retail federation, and the Retail Industry leaders association. Without objection that it be included in the record. Could i ask the four witnesses to please stand and raise your right hand. Do you swear the testimony you give in this matter will be the truth, the whole truth, and nothing but the truth, so help you god . Let the record show that the four witnesses all took the oath. We will hear from each of the witnesses first and then we will ask questions. John mulligan is chief Financial Officer and executive Vice President for target, the secondlargest largest general merchandise retailer in the u. S. He joined target in 1996. His responsibility includes Financial Planning and analysis, financial operations, tax assurance, investor relations. He graduated from the university of wisconsin in 1988. 1996 he earned a masters of Business Administration degree from the university of minnesota. Good morning, members of the committee. My name is john mulligan. Im executive Vice President and chief Financial Officer of target. I appreciate the opportunity to be here today to discuss important issues surrounding data breaches and cyber crime. As you know, target recently experienced a data breach is from criminal attack on our systems. To begin, i want to say how deeply sorry we are for the impact this incident has had on our guests, your constituents. We know this breach has shaken their confidence in target and we are determined to work very hard to earn it back. At target we take our responsibility to our guest very seriously. This attack has only strengthened our resolve. We will learn from this incident and as a result, we hope to make target and our industry more secure for consumers in the future. I would now like to explain the events of the breach as i currently understand them. Please recognize that i may not be able to provide specifics on certain matters because the criminal and forensic investigation remains active and ongoing. We are working closely with the secret service and the department of justice on the investigation to help them bring to justice the criminals who committed this widespread attack on target, american business, and consumers. On the evening of december 12, we were notified of the Justice Department of suspicious activity involving payment cards used at target. We immediately started our internal investigation. On december 13, we met with the Justice Department and the secret service. On december 14, we had an independent team of experts lead a thorough forensics investigation. On december 15, we confirm the criminals had infiltrated our system and installed malware and potentially stolen guest payment card data. Over the next two days we began notifying the payment card processors and card networks, preparing to notify our guests and equipping our call centers and stores with the necessary information and resources to address the concerns of our guests. Our actions leading up to our public announcement on december 19 and since have been guided by the principle of serving our guests. We have been moving as quickly as possible to share accurate and actionable information with the public. We know that the breach affected two types of data. Payment card data which affected approximally 40 million guests and certain personal data that affected up to 70 million guest. We believe the payment card data was accessed through malware placed on our pointofsale registers. It is designed to capture the data that resided on the magnetic strip. Our response has this focused on supporting our guests and strengthening security. In addition to the steps i described, we are taking the following concrete actions. First, we are undertaking and forensic review of our and our network and will make security enhancements as appropriate. Second, we increased fraud detection for our target red card guests. To date we have not seen any fraud on a proprietary credit and debit card do to this breach. We have seen only a very low amount of additional fraud on our target visa card. We are issuing new target credit and debit cards to any guest who requests one. Fourth, we are offering one year of free credit monitoring and Identity Theft protection to anyone who has ever shopped in our u. S. Target stores. We informed guests they have zero liability for any fraudulent charges on the cards arising from this incident. Six, target is accelerating our investment in Chip Technology for our target red card pointofsale terminals. Target has invested significant capital and resources in security technology, personnel, and processes. We had in place multiple layers of protection including firewalls, malware detection, intrusion detection and prevention capabilities and Data Loss Prevention tools. Unfortunate reality is that we suffered a breach. All businesses and their customers are facing increasingly sophisticated threats from cyber criminals. In fact, news reports have indicated several other companies have been subjected to similar attacks. To prevent this from happening again, none of us can go it alone. We need to Work Together. Updating Payment Card Technology and strengthening protections for American Consumers is a shared responsibility and requires a collective and coordinated response. On behalf of target i am committing that we will be an active part of the solution. Senators, to each of you and all of your constituents and our guests, i want to once again reiterate how sorry we are this happened and our ongoing commitment to making this right. Thank you for your time today. Thank you very much, mr. Mulligan. Michael kingston is senior Vice President and chief Information Officer for Neiman Marcus as well as chief Information Officer, he oversees approximately 500 professionals responsible for all aspects of Information Technology and security including technology strategies. Information Technology Services for all Neiman Marcus clients, both its doors and website. Brands, both its doors and website. Thank you for being here. Please go ahead, sir. Mr. Chairman, senator grassley, members of the committee, good morning. My name is michael kingston and im chief Information Officer at Neiman Marcus group. I want to thank you for your invitation to appear today to share with you our experiences regarding the recent criminal Cyber Security incident at our company. I have submitted a longer written statement and appreciate the opportunity to make some brief opening remarks. We are in the midst of an ongoing forensic investigation that has revealed a cyber attack using very sophisticated malware. From the moment i learned there might be a compromise of payment card information involving our company, i have personally led the effort to ensure that we were acting swiftly month early, and thoroughly and responsibly to determine whether such a compromise had occurred, to protect our customers and the security of our systems, and to assist Law Enforcement in capturing the criminals. Because our investigation is ongoing, i may be limited in my ability to speak definitively or with specificity on some issues. There m