Two US senators called for the Federal Trade Commission to investigate Home Depot for violations following its recent data breach.
The breach is estimated to have affected 2,200 stores in the US and Canada and could have revealed payment card information for millions of shoppers.
Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) urged FTC Chairwoman Edith Ramirez to look into the matter.
“As you know, Section 5 of the Federal Trade Commission Act gives the FTC jurisdiction to investigate companies’ privacy and information security policies, procedures, and practices,” they said in a letter to Ramirez. “Given the unprecedented scope and extended duration of Home Depot’s data breach, it appears that Home Depot may have failed to employ reasonable and appropriate security measures to protect sensitive personal information.
“Furthermore, it is troubling that Home Depot has not yet been able to confirm that it has successfully shut down the data breach. This means that its customers may continue to be at risk of having their personal information stolen. We are concerned that the retailer’s procedures for detecting and stopping operations to steal customer data are inadequate and we call on the Commission to investigate whether Home Depot’s security procedures meet a reasonable standard. If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information. Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act.”
Meanwhile, state attorneys general from Connecticut, California, Connecticut, Illinois, New York and Iowa are looking into the breach.
Markey and Blumenthal also called for “additional authority” for the FTC to sanction businesses that fall victim to hackers.
“While it is clear that the FTC has the authority to investigate breaches like this one, it is equally clear that the Commission needs additional authority to impose sanctions sufficient to fully punish and deter the conduct that leads to such breaches,” the lawmakers said. “The breach at Home Depot highlights how vast and damaging data breaches can be. The FTC should be able to respond to breaches like this with penalties commensurate with the potential harm. We look forward to working with our colleagues in Congress and with the Commission to ensure that the Commission has all the enforcement authority it needs to carry out its mission effectively.”
An FTC spokesperson confirmed that the agency had received the senators’ letter, but could not comment on any ongoing or future investigation.
Home Depot’s stock showed the effect of the news, declining to $88 per share as of Sept. 10. The stock had gained a boost in August following a solid second quarter earnings report. A Standard & Poor’s analyst described the situation as “worrisome” to Reuters.
Observers in the cybersecurity field told Advisen that Home Depot had exacerbated the situation by delaying confirmation of the breach and inviting speculation.
The New York law firm of Harwood Feffer LLP also announced an investigation into whether Home Depot’s board of directors failed in their fiduciary duty to shareholders. Peter Overs Jr. Esq., one of the firm’s attorneys, declined to comment on the case.