The New Jersey Democrat is taking on the topic after last week's revelation that information about 40 million Target customer accounts had been stolen.
At a news conference Thursday outside a Target store in Jersey City, Menendez said he wants to make sure retailers are "putting their customers ahead of profits." He announced that he had requested details from the Federal Trade Commission on whether it can fine firms for security breaches and whether laws should be changed to protect consumer data.
"We need to know if the FTC has the teeth to hold retailers who failed to protect consumers' information accountable," Menendez said.
Menendez said he "has a feeling" that the agency won't be able to levy fines or penalties against companies. When a data breach occurred at Marshall's and T.J. Maxx in 2006, the FTC wasn't able to fine the stores' parent company as part of a settlement agreement.
"Our country's consumers depend upon safe and secure transactions, and especially at this crucial time of year, our country's retailers must commit to fulfilling that expectation," Sen. Menendez wrote to FTC Chairwoman Edith Ramirez.
Menendez said he wants the FTC to recommend if further legislative action is needed to help protect consumers against having their financial information stolen.
Menendez said if a company doesn't invest in security to ensure customer data can't be stolen, "then you have to question why a company would not do that."
He said he may hold hearings on the Target breach.
Target Corp. spokeswoman Katie Boylan said in an email the company is "focused on partnering with the authorities who are investigating this crime against Target and our guests, and helping our guests understand what they need to know and what steps they can take."
The security breach lasted from Nov. 27 to Dec. 15 and affected customers in Target's U.S. stores.
The retailer said it hosted a conference call for state attorneys general Monday and will have a follow-up call January 6.
Target announced Monday the Department of Justice is investigating what is being called the second-largest data breach in U.S. history. It also said it is working with the Secret Service to determine how the hack happened.
Customers have already filed lawsuits against the company.