and least with target, there was a portion of that that was unencrypted and they were able to get the information in plain language. plain text. is that a shortcoming? is that standard? how much of a surprise to you or not surprised there was that vulnerability at the point of sale, mr. mulligan? >> mr. chairman, we know -- >> and pull your microphone a little closer. >> we know today in the u.s. that credit card information, payment card information comes into point of sale systems from the magnetic strip unencrypted. in our case that data was captured prior to us encrypting it. we've seen in other geographies around the world where chip and pin or technology is deployed. the fraud related to credit cards have come down dramatically and that's why we've been supporters of that technology for a long period of time. >> mr. kingston. >> what we learned in our investigation, mr. chairman, is that the information was scraped at a time immediately following the swipe as well. and basically -- in essence, combing old data, so it was undetectable, hidden in plain sight? >> milliseconds befor

they found data is often shared via unencrypted networks exposing sensitive data and it is not protected hipaa laws leaving your information up for sale to the highest bidder. >> there is the use of the data today and then there is what happens potentially in the future. >> currently the data is primarily sold at advertisers anding ing a re-- but imagine googling your name and finding your weight or worse. and what if potential employers had access to your blood pressure and cholesterol. sound farfetched? employers were checking credit scores a few years ago. >> four flights of stairs gone. >> she says she is not concerned. for her, the benefits out weigh the risk. and she is careful, choosing paid apps over freebies, limiting the information she provides and assuming anything she does share probably won't remain private. >> it doesn't have any information that i don't give. so i am not unduly concerned. >> paid apps generally have better privacy policies than those free app, but you want to read them carefully and assume any information you provide is being shared. remember f you have a

ambassador unencrypted. it was picked up, the white house points out, tweeted out by someone in the russian government. that's what -- >> schieffer: we think the russians did it. >> that they promoted it no. one said who recorded it, ukrainian and russian intelligent arms -- >> schieffer: why were they talking on an open line? >> what she will layout the u.s. was working with the opposition at the time, at their request to try to take up the ukrainian president on his offer to put some members inside of this government in a technical way to try to quell some of this stand off. and haven't really resolved anything. when she said let's try to get the u.n. to glue it together, it was eu wasn't working fast enough to fix this problem in their own back yard of europe, turning to the u.n. to stand in there to help quell some of the violence that was in the streets. and to try to address the human rights concerns. it was more on the sense of, we don't need the eu to get this done. >> schieffer: what does this conve

ones that happened in 2006 and the next time that cyber criminals attacking the databases on the unencrypted data which is credit card payment. that got changed and morphed into funny 07 where the focus ended up going towards credit card processing companies but they were looking at the credit card data when it was unencrypted at that time. so encryption modification has been made through the system and information is encrypted as it goes through the systems. today we have seen the change now they are looking at where the thing is and how to get around it so where they are attacking now is that the point-of-sale way or to the back of the house server if you will that has not been encrypted. >> thank you. madam chair, you answered the chair emeritus regarding preemption. i didn't understand your question answers. my fault, not your fault. can you explain your views on preemption? and i come at this having a minority leader in the state senate and i certainly belief in a robust democracy in washington and at the state capitals. if you could elaborate briefly on the preemption issue. >> i belie

situations where information that is personal, sensitive, financial information is being maintained unencrypted, we have seen, you know, situations where literally the information is obtained because documentation with sensitive information is being thrown into a dumpster and people have gotten it out and used that for elicit purposes. there is a minimum standard and then i think that as chairman ramirez did a nice job of explaining, on a case-by-case basis with companies considering the types of information the volume of information, the sensitivity of information we have to have increasing standards required. >> my time is up, but i look forward to working with all of you to figure out what is the appropriate federal response. congressional response. thank you. i yield back. >> thank you. and now recognize chairman emeritus mr. burton for five minutes. >> thank you for holding this hearing. h is potentially very important because this is one of the few things that republicans and democrats both agree on is a problem and we may be able with your leadership to reach agreement on a solution. one

information, payment card information comes into point of sale systems from the magnetic strip unencrypted. in our case that data was captured prior to us encrypting it. we've seen in other geographies around the world where chip and pin or technology is deployed. the fraud related to credit cards have come down dramatically and that's why we've been supporters of that technology for a long period of time. >> mr. kingston. >> what we learned in our investigation, mr. chairman, is that the information was scraped at a time immediately following the swipe as well. and basically -- >> so in essence, co--- >> you can continue watching this hearing on our website, c-span.org. we'll leave it now to go live to the u.s. house for the start of the legislative day today. after some opening speeches, members are scheduled to consider debate roles for two bills. one dealing with california water resources and the other with public lands use. the public lands bill will be formerly -- also, amendment and final passage votes on a bill encouraging hunting and fishing on federal lands. first votes expected

instancesund repeated were breaches occur because companies allow consumer data to be maintained unencrypted the reason breaches have led to discussions about can -- technology that was available but not deployed. they lead to disputes between banks and retailers. of when thisnt comes to security of our payment network. targeted by criminals. are toast time for the take data security seriously. consumers are rapidly losing confidence in the abilities to safeguard the personal information. i recommend that congress take the following action. this is not preempt the state law. congress should recognize the federal government should assist the are in the same manner it already does. congress should give it agency the responsibility to investigate large sick just dictated data breaches. states have been on the front lines for a data will -- for a decade. not asking for state law to be weakened. they are panicked and they are angered. the companies are not doing more to protect their personal and financial information and prevent the breaches from occurring in the first place. i'm happy to answer

information, payment card information comes into point-of-sale systems from the magnetic strip unencrypted. in our case that data was captured prior to us encrypting it. we have seen in other geographies around the world where chip and pin or chip enabled technology has been deployed. the fraud related through credit cards is come down dramatically and that is why we been supporters of that technology over a very long period of time. >> mr. kingston. >> what we've learned in our investigation, mr. chairman, is that the information was scraped at a time immediately following the swipe as well. and basically -- >> so in essence go mingle the data so it was undetectable? >> really milliseconds before it hit titles to their processor for authorization. >> wow. back to mr. mulligan. have you been able to determine how they were able to get into the system and placed the malware at that very sensitive point? >> it's my standpoint access was a compromise set of vendor credentials or logon id and password. beyond that we have an end-to-end review, forensic review of all of our systems to understan

repeat #-d instances where breaches occurred because companies beowed consumer data to maintained unencrypted and retained data for longer than necessary. the recent breaches also led to discussions about security available that was but not deployed for reasons and range from high cost increased checkout times to disputes between banks and retailers. frankly, it is negligent that the united states is behind the rest of the world when it comes to security of our payment networks. and it is the main reason that is. consumers information targeted by criminals. it is pastime for the private sector to take data security seriously. based upon our experiences at the state level, i recommend that congress take the following actions. first, pass data security and breach notification legislation preempt state law. second, congress should also recognize that the federal assist theshould private sector in the same manner it does in other critical areas. congress should give an agency the responsibility and authority to investigate large data breaches in manner similar to ntsb investigations of aviation a

without it, a hacker on your local network might be able to see the unencrypted traffic between you and close look at what they came to see. and without warning, the whale tried to give everyone onboard a high five slapping a teen, girl, though, on the face with the tail. she prob ♪ make a change for a better day ♪ [ female announcer ] this nation of go-getters seems to be in the middle of a human energy crisis. ♪ take a chance... [ male announcer ] power up with the good energy of quaker real medleys. ♪ sweet fruit, crunchy nuts and multigrains. it's how we help keep go-getters like you going...and getting. real fruit, real nuts, real medleys. try our apple nut harvest bars. quaker up. we really you know? take ta relaxingjust to unwind.a.rs. but we can only afford one trip this year, and his high school reunion is coming up in seattle. everyone's going. then we heard about hotwire... and realized we could actually afford to take both trips. [woman] see, when really nice hotels have unsold rooms, they use hotwire to fill them. so we got our 4-star hotels for half price. i should have be