WASHINGTON — The
"We are committed to working to find not only the perpetrators of these sorts of data breaches, but also any individuals and groups who exploit that data via credit card fraud," Atty. Gen.
Although the Justice Department rarely comments on active investigations, Holder took the unusual step of publicly confirming that the investigation is underway, saying his department "takes very seriously reports of any data breach, particularly those involving personally identifiable or financial information."
Minneapolis-based Target Corp. announced last month that payment card information for 40 million customers was stolen over a two-week period during the holiday shopping season, along with the names, addresses, email addresses and phone numbers of an additional 70 million customers.
Some customers have reported noticing fraudulent charges, and thousands of newly minted credit cards with the stolen information have surfaced.
Target said late Wednesday that cyberthieves stole credentials from one of the retailer's vendors to access its system, according to an ongoing forensic investigation into the data breach. The company said that since disclosing the hack Dec. 15, it has cleared its system of the malware that had been planted.
"In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues," Target spokeswoman Molly Snyder said.
Federal authorities this month arrested two Mexican citizens trying to enter the U.S. in McAllen, Texas, with scores of fraudulent credit cards that law enforcement officials suspect might be linked to the Target case. Daniel Dominguez Guardiola, 28, and Mary Carmen Vaquera Garcia, 27, were detained by U.S. Customs and Border Patrol officials on outstanding arrest warrants for credit- and debit-card fraud.
Although the pair was not believed to be involved in the original cyberattack against Target, law enforcement officials said the arrests may be a sign that the stolen data have been sold and are beginning to circulate around the country.
U.S. law enforcement authorities are also looking into reports that part of the computer code used to hack into Target was written in Russia, leading some to suspect that international organized crime networks played a part.
Holder underscored the growing threat of cybercrimes, calling it one of the biggest challenges for federal law enforcement in the years ahead.
"This nation needs to be afraid of where we could be after a cyberattack," he said. "When you see the proliferation of these cyber capabilities to criminal organizations, to nation states, our nation is at risk. Our infrastructure is at risk. And we as a nation have not, I think, adequately responded to it."
The Justice Department launched a 120-day evaluation of how it can better fight cybercrime. "It is only going to get worse," Holder said.
Industry groups are mobilizing new programs to identify cyberthreats and promote consumer safeguards to prevent fraud.
"Retailers place extremely high priority on data security and invest tremendous resources to prevent attacks," said Sandy Kennedy, president of the Retail Industry Leaders Assn. "But cybercriminals are persistent and their methods of attack are increasingly sophisticated."
Separately, Holder used the hearing to refute a report in the
He defended the career prosecutor who is overseeing the case — Barbara Bosserman from the Justice Department's civil rights division — saying her personal political donations of nearly $7,000 to President
Conservative lawmakers and groups have called for her resignation, saying her contributions raised questions about her ability to be objective.