House Dem presses breached companies for info

The House Oversight Committee’s top Democrat wants more information from breached companies.

Rep. Elijah CummingsElijah Eugene CummingsAppeals court asks DOJ to weigh in on Trump congressional subpoena fight Four heated moments from House hearing on conditions at border facilities Border Patrol chief was member of secret Facebook group for agents: report MORE (Md.) sent letters Wednesday to five companies that have experienced high-profile data breaches this past year — Home Depot, Target, Kmart, Community Health Systems and U.S. Investigations Services (USIS).

“Your ability to protect consumers and safeguard … personal information is central to earning and maintaining consumer confidence,” Cummings wrote.

Cummings also sent a letter Monday to the U.S. Postal Service, following its own breach that exposed the information of 800,000 employees.

Cyberattacks on Home Depot and Target resulted in the two largest retailer breaches known to date. Combined, over 100 million customers had their credit and debit card information compromised.

Kmart’s systems were exposed for a month, but the company doesn’t believe any personal data was lifted.

“The increasing number of cyber-attacks and data breaches is unprecedented and poses a clear and present danger to our nation’s economic security,” Cummings wrote.

At hospital company Community Health Systems, cyber thieves stole the non-medical information of 4.5 million patients.

USIS, the government’s main security clearance contractor, became a political focal point after its breach, which exposed the records of at least 25,000 Department of Homeland Security employees. As a result, the government said it would not renew its USIS background check contracts.

Taken together, the incidents “highlight the need for greater collaboration to improve data security,” Cummings wrote.  

Russian and Chinese hackers are suspected in many of the attacks.

Cummings is collecting the information with the hopes of moving on federal cybersecurity legislation.

Policymakers have long discussed a federal data breach law, which would set uniform notification standards and industry-wide data security requirements. Thus far, nothing has come close to passage.

“Your company’s knowledge, information and experience with this recent data breach will be helpful as Congress examines federal cybersecurity laws,” Cummings wrote.

— Updated 5:07 p.m.