When Target stores fell victim to the largest cybersecurity breach in history, the company swallowed its pride and panic, and told its customers right away that their names, mailing addresses, telephone numbers or email addresses — 70 million of them — probably had been stolen by hackers. That number has since grown to 110 million names, and Target might not yet know the extent of the damage.
Rep. Jeb Hensarling, chairman of the House Financial Services Committee, and Rep. Maxine Waters, the ranking Democrat, want a full committee hearing to see how and why it happened. Good idea. We further think it’s a good idea to take a similarly exhaustive look at what happened to Healthcare.gov, the website of President Obama’s health care disaster.
Security experts have testified to Congress that they think a large number of hacking attempts have been made at the government-run website, and some of them think it has been compromised.
“Hackers are definitely after it,” David Kennedy, CEO of the information security firm TrustedSEC, told the House Science, Space and Technology Committee. “And if I had to guess, based on what I can see I would say the website is either hacked already or will be soon.”
Unlike a private business, the government feels no pressure to inform the public about a threat. The Obama administration won’t say whether the site has been hacked and intimate information stolen. Congressional efforts to require such disclosure were opposed by most House Democrats, many of whom are eager for a federal investigation into the breach at Target.
Last week, the House of Representatives approved the Health Exchange Security and Transparency Act, requiring the Department of Health and Human Services to reveal security breaches of the Obamacare website. The legislation, which now goes to the Senate, would require the administration to inform individuals within two business days if the government suspects personal information has been stolen or unlawfully accessed through an exchange.
Rep. Fred Upton of Michigan, the Republican chairman of the House Energy and Commerce Committee, gets it right: “Americans have a right to know in the event their sensitive personal information provided to an exchange is compromised — especially as it is the law’s individual mandate that forces them to purchase government-approved health coverage. Why wouldn’t we want the public to know? And be alerted right away?”
The Republican author of the legislation, Rep. Joseph R. Pitts of Pennsylvania, says, “the American people have a right to know that their government is required by law to contact them if their personal information is compromised.”
This is only decent, and the legislation was approved by a resounding vote of 291 votes to 122 votes, and 67 Democrats defied their leadership to join the Republicans. The margin looks vetoproof in the House.
Democrats keep falling on their swords to protect Obamacare, its inept rollout and its substandard insurance policies at inflated costs. But the Democratic firewall is beginning to collapse. The prospect of hanging — in this case, the 2014 congressional elections — certainly focuses a member’s attention.