Oversight Republicans demand answers on Capital One data breach

Top Republicans on the House Oversight and Reform Committee on Thursday demanded briefings from both Capital One and Amazon following the breach of data for more than 100 million Capital One customers that was stored through Amazon cloud storage services.

The lawmakers, including ranking member Jim Jordan (R-Ohio), asked that both companies provide staff-level briefings to detail the data breach by Aug. 15. The House is in recess until Sept. 9.

“The committee regularly conducts oversight of data breaches at financial institutions,” Jordan and subcommittee ranking members Reps. Mark Meadows (R-N.C.) and Michael Cloud (R-Texas) wrote to Capital One CEO Richard Fairbank.

“To help us more fully understand Capital One’s recent incident and its potential to affect millions of Americans, we ask that you please arrange a staff-level briefing on the incident, its nature and scope, as well as Capital One’s response to the disclosure,” they added.

House Oversight and Reform Committee Chairman Elijah Cummings (D-Md.) also expressed interest in looking into the data breach, telling The Hill in a statement on Thursday that “our Committee has a long and bipartisan history of investigating data breaches in the government and private sector, and we look forward to hearing more information about what happened from Capital One.”

The breach, announced earlier this week, impacted about 100 million Americans and 6 million Canadians, and involved an individual gaining access to Capital One credit card applications and about 140,000 Social Security numbers and 80,000 bank account numbers.

The members noted in writing to both Fairbank and Amazon CEO Jeff Bezos that this amounts to one of the largest data breaches of a major financial institution.

The individual allegedly involved in the breach, Seattle-based software engineer Paige Thompson, was arrested this week.

Thompson, who the committee leaders noted is reportedly a former Amazon employee, was arrested after she posted on GitHub last month about having accessed Capital One customer data stored on a cloud storage service provided by Amazon Web Services (AWS). Another GitHub user tipped off Capital One and the company subsequently informed the FBI. 

According to the Justice Department, Thompson was able to access the data due to a “misconfigured web application firewall,” and, according to Capital One, accessed the data over two days in March.

The committee members wrote to Bezos that they planned to “carefully examine the consequences of the breach” because of a plan to use AWS servers to store 2020 census data and to run the Department of Defense’s Joint Enterprise Defense Infrastructure cloud computing system. 

While Amazon did not immediately respond to a request for comment on this story, a spokesperson for Capital One told The Hill that "we have proactively engaged in discussions with lawmakers and elected officials since the arrest of the perpetrator of this cyber incident on Monday and will continue to do so."

The House Oversight and Reform Committee will likely not be alone in examining the Capital One data breach. 

A spokesperson for Senate Banking Committee Chairman Mike Crapo (R-Idaho) told The Hill earlier this week that he “is looking into the matter and will investigate it further,” while the committee’s top Democrat, Sen. Sherrod Brown (Ohio), told The Hill he would support holding hearings on the data breach.

Updated at 4:15 p.m.