The following is a media release from Sen. Elizabeth Warren’s office. She is one of two individuals elected by voters in the Commonwealth of Massachusetts to serve the state in Washington DC in the US Senate. She is a Democrat.
WASHINGTON DC – United States Senator Elizabeth Warren (D-Mass.), member of the Senate Banking, Housing, and Urban Affairs Committee, sent a letter to Capital One Financial Corporation Chairman and Chief Executive Office Richard Fairbank regarding the massive data breach revealed last week that compromised sensitive personal information – including, in some cases, Social Security numbers and bank account numbers – of over 100 million Capital One customers.
The breach is “one of the largest-ever thefts of data from a bank.” Senator Warren expressed concerns with the risks to consumer privacy, the company’s failure to prevent the breach, Capital One’s plan to inform potentially affected customers, and the extent to which the bank will hold key executives and contractors accountable.
Beginning in March 2019, a hacker was able to breach Capital One’s database and obtain personal data, mostly related to credit card applications.The alleged hacker, a former employee of Amazon Web Services, which hosted the database, has been arrested and charged with illegally obtaining the data. Capital One indicated in a statement that the alleged hacker is a “highly sophisticated individual” who previously worked at Amazon Web Services in September 2016.
The alleged hacker’s knowledge, however, may not be unique – tens of thousands of employees work or have worked at Amazon Web Services and thousands more work at Capital One – and “some researchers have noted that the techniques allegedly used and the security weaknesses allegedly exploited are commonly known.”
Senator Warren expressed concern that Capital One did not detect the breach until nearly four months after the incident and that the bank never specified how and when it will notify affected customers.
“It is critical that individuals or businesses whose data was exposed due to Capital One’s security failures receive adequate and timely notifications,” wrote Senator Warren. “The public deserves to know exactly what the company plans to do to ensure that consumers’ accounts and application information are protected from the consequences of Capital One’s security failures.”
To address these concerns and provide the public with clarity about this breach, Senator Warren asked that Capital One respond by August 19, 2019 and explain how the company database was breached, which security systems failed or were insufficient, what steps the company has taken to fix both the vulnerability and the systems that failed to detect the breach, and what efforts the company will make to rectify the impact of the breach and hold executives accountable.