Lawmakers said this week that more needs to be done to protect banks and financial services firms from hackers following a massive data breach at Capital One that impacted some 100 million customers.
“This data breach shows that it’s not just big technology companies and credit reporting agencies like Equifax that are vulnerable to hacking and data breaches – big banks are vulnerable targets as well. As this is not the first incident in which Capital One’s customer data was exposed, we need to understand what bank regulators have been doing to ensure that this bank, and other banks, have strong cybersecurity policies and practices. We must also understand what bank regulators are doing to ensure strong oversight of third-party technology providers that banks work with,” Rep. Maxine Waters, chair of the House Financial Services Committee, said. “As we learn more about this incident, I plan to work with my colleagues and take action in the Financial Services Committee on legislation to improve oversight of the cybersecurity of financial institutions.”
The breach, which occurred on July 19, affected approximately 100 million Americans and about 6 million Canadians. Capital One reported that less than 1 percent – or about 140,000 Social Security numbers – were comprised. Further, about 80,000 linked bank account numbers of credit card customers were impacted. No credit card account numbers or log-in credentials were compromised. The person responsible for the breach has been arrested. Capital One believes it is unlikely that the information was used for fraud or disseminated.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard Fairbank, chairman and CEO at Capital One, said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The largest category of information accessed was on consumers and small businesses that applied for credit cards from 2005 through early 2019. This information included personal information on credit card applications, including names, addresses, zip codes, phone numbers, email addresses, dates of birth, and income.
“This massive data breach also underscores how important it is that the consumer credit reporting bills that the Financial Services Committee recently passed become law so that any consumer affected by a data breach is not further harmed. Among other things, the bills the Committee passed ensure that consumers can get a free copy of their credit score, provide better tools for victims of fraud, and make it easier for consumers to get errors on their reports corrected,” Waters added.
One of those bills is the Restoring Unfairly Impaired Credit and Protecting Consumers Act, introduced by Rep. Rashida Tlaib (D-MI). This bill would establish the right to free credit monitoring and identity theft protection services if a consumer is a victim of identity theft, fraud, or a related crime.
“The Capital One data breach is a stark reminder of the need for stringent data security standards for financial institutions, third-party service providers, and any other entity with access to personally identifiable information,” Rep. Patrick McHenry (R-NC), ranking member on the committee, said. “In this instance, tokenization and encryption helped protect some sensitive data, but it’s vital that we continue to modernize and innovate. I’ve long advocated for legislation that would help end our reliance on stagnant identifiers like Social Security numbers. It’s time to develop technological and regulatory systems that do a better job of keeping American consumers safe from growing cybersecurity threats.”