WASHINGTON, D.C. – Hackers stole the debit and credit card information of 40 million Target customers between last November and December. In May, eBay made all of its 145 million customers change their passwords after hackers breached its system and stole personal information. And just last week JPMorgan Chase announced that a large-scale cyber attack had compromised the data of 83 million of its customers.
The JPMorgan Chase intrusion is only the latest in a series of high-profile security breaches affecting millions of Americans who trust their data to corporate caretakers. From Home Depot to Adobe to Snapchat, American businesses are under assault and it’s their customers’ private data hackers want.
As of Oct. 7, there have been 588 data breaches in 2014, according to the Identity Theft Resource Center, a 25.9% increase over the same time period last year. That trend suggests that cyber attacks aren’t slowing down anytime soon, but the federal response has been almost negligible.
Currently, the Federal Trade Commission can only regulate businesses after a security breach has occurred and even then, it must pass a three-pronged test to qualify action, which includes determining whether consumers suffered “substantial” injury as a result. Because of the limited guidelines, the FTC has only brought 30 security cases against businesses under what it calls its “deception authority” and 20 under its “unfairness authority” since 2002.
At a congressional hearing in February, the director of the FTC’s Bureau of Consumer Protection said the agency needed “more tools” to deter consumer data breaches in the private sector. But the response on the Hill has been limited.
Members have introduced three pieces of legislation that address consumer privacy concerns at private businesses. The Data Security Act, introduced by Sen. Thomas Carper, D-De., aims to establish a national rule for public and private entities to help prevent and respond to data breaches. It would also require entities such as financial institutions, retailers, and federal agencies to better safeguard sensitive information and notify consumers when there is a risk of identity theft.
The Personal Data Privacy and Security Act, introduced by Sen. Patrick Leahy, D-Vt., and the Personal Data Protection and Breach Accountability Act, introduced by Sen. Richard Blumenthal, D-Ct., would both establish FTC guidelines for businesses that gather consumer data to follow and would hold them accountable if they failed to meet the criteria.
Under Blumenthal’s proposal, companies would be held responsible for the costs of data theft to consumers if they fail to adopt protections that meet modern technological standards—such as chip-and-PIN technology.
But none of the bills have close to enough support to be considered for a vote. Blumenthal’s proposal currently only has one co-sponsor in Congress. Leahy’s bill has five co-sponsors on the Senate side and none for its companion legislation in the House. Carper’s bill only has one co-sponsor. All but one of the sponsors are Democrats.
For a topic that has affected so many Americans, one would think an immediate congressional response would be mandatory—or at least good politics—but fixing the leaking online infrastructure has become less of a public priority.
According to a recent study by Travelers Insurance, while personal privacy loss and identity theft are the second highest fear for respondents, fewer people worry about them today than a year ago – 27% in 2014 compared with 34% in 2013. For millennials, the perceived risk is even lower—53 percent say they don’t worry at all about technology risks.
The reason may be that the public has accepted data breaches as an inescapable reality.
“When we did the risk index last year [in May] it might have been at the peak around cyber breach concerns in society,” said Patrick Gee, senior vice president of claims at Travelers. “Now that there’s been a year behind us, and there have been large scale and small scale technology breaches, perhaps it’s that people believe it’s just going to be part of their daily lives going forward.”
And with a year that has endured a plethora of daunting current events, like fighting ISIS and the Ebola outbreak, both the public’s and federal government’s attention might be elsewhere.
“There is so much going on. There are so many issues of international crisis and conflict,” Sen. Blumenthal said.
Regardless, the senator added that cybersecurity can’t be ignored and that breaches will only continue to occur as the holidays get closer.
“As we approach the holiday season the threat of theft is ever more real and urgent and that is why retailers should be taking steps to protect consumers,” he said. “Retailers and financial services are simply failing to keep pace in the arms war against data thieves.”