MADIGAN: CONGRESS MUST ACT TO PROTECT CONSUMERS FROM DATA BREACHES
Attorney General Testifies in D.C. Calling for Comprehensive Legislation to Address Epidemic of Data Breaches
Washington — Attorney General Lisa Madigan today testified before the U.S. House of Representatives’ Subcommittee on Commerce, Manufacturing and Trade about her investigations into widespread data breaches reported by retailers in recent months, which have affected millions of American consumers. Madigan called on Congress to immediately take steps at the federal level to better protect consumers’ personal information.
“Over the past decade, we have faced an epidemic of data breaches that has affected almost every American and has inflicted billions of dollars of damage to our economy,” Madigan said. “The recent breaches have served as a wakeup call that government and the private sector need to take serious, meaningful action to curb this growing threat to our financial security.”
Madigan testified earlier today on Capitol Hill in a hearing titled “Protecting Consumer Information: Can Data Breaches Be Prevented?” Madigan and the Connecticut Attorney General’s Office are currently leading a multistate investigation into the recent Target, Neiman Marcus and Michaels Stores breaches.
Madigan said the epidemic of data breaches has grown over the past decade, now affecting almost every American consumer and inflicting billions of dollars of damage to the U.S. economy. Since 2005, there have been over 4,000 data breaches nationally and 733 million records compromised.
In response, the Attorney General has launched numerous investigations into whether businesses and health care companies are adequately protecting consumers’ data. In 2005, her office worked to enact a state law to require companies to promptly notify their customers of data breaches to ensure consumers know when their sensitive data has been compromised. In 2006, she launched her office’s Identity Theft Unit, which staffs a statewide hotline (1-866-999-5630) to provide one-on-one assistance to victims of identity theft and data breaches. After receiving more than 40,000 requests for assistance, the ID Theft Unit has helped reverse more than $26 million worth of fraudulent charges on consumers’ accounts.
Madigan said past investigations into data breaches by her office have indicated that companies have repeatedly failed to take basic steps to protect Illinois consumers’ information maintaining consumer data without encryption, failing to install updated security patches for known software vulnerabilities and retaining data longer than necessary.
The Attorney General urged Congress to take action to better protect American consumers by adopting federal standards that, while not preempting state law, will require companies to:
Madigan also called on members of the subcommittee to authorize a federal agency to investigate large, sophisticated data breaches, akin to the National Transportation Safety Board's role in aviation accidents.
For more information, read Attorney General Madigan’s written testimony from the hearing.