Congress wants Capital One and Amazon to explain data breach
Leaders of House and Senate committees want Capital One and Amazon to explain to Congress how a hacker accessed personal information from more than 100 million Capital One credit card customers and applicants. The incident was the latest massive data breach at a large company.
Ohio Rep. Jim Jordan, the top Republican on the House Oversight and Reform Committee, asked for a staff-level briefing by Aug. 15 on the breach that was reported late Monday.
The chairman of the Senate Banking, Housing and Urban Affairs Committee also said the committee will look into the matter. Sen. Mike Crapo, R-Idaho, plans legislation that would establish new data safeguards for consumers.
“I have concerns about all aspects of this,” Crapo told reporters this week. “We want to understand how this happened, how other breaches happened … and we want to know how vulnerabilities (appear) in systems and figure out what we must do to deal with them at a policy level.”
The head of the House Financial Services Committee, Rep. Maxine Waters, D-Calif., has also organized a briefing from Capital One for Democratic and Republican staff members, according to congressional aides.
“As this is not the first incident in which Capital One’s customer data was exposed, we need to understand what bank regulators have been doing to ensure that this bank and other banks have strong cybersecurity policies and practices,” Waters said. She plans legislation to improve oversight of the cybersecurity of financial institutions.
In a letter Thursday to Amazon CEO Jeff Bezos, Jordan and other Republicans on the House Oversight panel note that Capital One data was stored on a cloud service provided by Amazon Web Services. The suspected hacker, Paige Thompson, is a former Amazon software engineer.
FBI agents arrested Thompson on Monday for allegedly obtaining personal information from more than 100 million Capital One credit applications, including roughly 140,000 Social Security numbers and 80,000 bank account numbers. There is no evidence the data was sold or distributed to others.
Rep. Elijah Cummings, chairman of the House Oversight and Reform Committee, said the committee has a long and bipartisan history of investigating data breaches in the government and private sector. Cummings, D-Md., said he looks forward to hearing more information about the data breach from Capital One and the company’s response.
A spokesman for McLean, Virginia-based Capital One said in a statement that the company has “proactively engaged in discussions with lawmakers and elected officials since the arrest of the perpetrator of this cyber incident on Monday and will continue to do so.”
A spokesman for Amazon did not immediately respond to requests for comment.