The US House of Representatives Committee on Oversight and Reform has requested a briefing with Capital One over the data breach that left 106 million credit card holders and applicants in the US and Canada at risk of their personal information being stolen.
According to the Financial Times, two letters were published Thursday appealing to both Capital One and Amazon for a “staff-level briefing” amid increasing political scrutiny of cybersecurity practices.
The committee have asked CEO Richard Fairbank for further information and a response from the bank, “to help us more fully understand Capital One’s recent incident and its potential to affect millions of Americans”.
This news follows a probe into the breach being announced earlier this week by New York’s attorney-general. A Capital One spokesperson added: “We have proactively engaged in discussions with lawmakers and elected officials since the arrest of the perpetrator of this cyber incident on Monday and will continue to do so.”
Dubbed one of the largest data breaches to hit a financial services firm, the Capital One hack is expected to cost the company between $100 million and $150 million.
While tens of millions of applications and approximately 77,000 bank account numbers are at risk, the company reiterates that no credit card numbers or log-in credentials were compromised, nor were most of the Social Security numbers on the applications.
Seattle-based Paige A. Thompson was arrested on computer fraud and abuse charges and on suspicion of “exfiltrating and stealing information, including credit card applications and other documents, from Capital One” under the online alias ‘erratic’.
Thompson formerly worked for Amazon Web Services, which hosted the Capital One database that was breached.
The committee also published a letter for Amazon head Jeff Bezos, demanding further information on the status of AWS security protocols to ensure security of personal and government data ahead of the 2020 US census. AWS is also in the running for the Department of Defense’s cloud computing contract.
The FT also reveals that Thompson may have also stolen data from UniCredit and Ford, while Vodafone was also flagged as a possible target by cybersecurity researchers.
Editorial | what does this mean?