Warren presses Capital One CEO for more details about breach

WASHINGTON — Sen. Elizabeth Warren is pressing Capital One for details on the bank's recent security breach that compromised the personal information of more than 100 million consumers.

In a letter to Capital One CEO Richard Fairbank, the Massachusetts Democrat asked why the bank didn’t detect the breach for nearly four months and how it plans to prevent a breach in the future.

“It is also disturbing that Capital One did not detect the breach until nearly four months after the incident,” Warren wrote to Fairbank Thursday. “The public deserves to know exactly what the company plans to do to ensure that consumers' accounts and application information are protected from the consequences of Capital One's security failures.”

Warren is asking Capital One for a detailed timeline of the breach and other information such as security-related decisions by the bank prior to the breach and its actions after discovering the breach.

She also inquired about how many social security numbers, birth dates and individual addresses were accessed, as well as how the bank plans to contact credit card applicants affected by the breach who did not ultimately become customers.

Capital One signage is displayed outside a bank branch in New York.
Capital One Financial Corp. signage is displayed outside a bank branch in New York, U.S., on Saturday, July 13, 2019. Capital One Financial Corp. is scheduled to release earnings figures on July 18. Photographer: Mark Abramson/Bloomberg
Mark Abramson/Bloomberg

"If Capital One does not have up-to-date or accurate contact information for every individual, what steps will Capital One take to ensure that these individuals are still notified in a timely manner?" she said.

Warren also sought information on whether executives at Capital One or Amazon Web Services, which hosts the bank’s database, are being held accountable for security failures; whether regulators were informed of the breach before it became public; and how the bank intends to mitigate the impact on affected by consumers beyond just providing free credit monitoring and identity theft services.

Capital One announced last month that data from roughly 100 million people was illegally accessed after Paige Thompson, a former Amazon Web Services employee, allegedly broke into the bank’s server.

Thompson was allegedly able to decrypt data and access names, phone numbers, and addresses, as well as over 100,000 Social Security numbers and tens of thousands of bank account numbers.

The breach was roughly two years after the credit reporting agency Equifax announced a breach that compromised the personal information of roughly 148 million Americans.

In her letter to Fairbank, Warren said an investigation revealed that “Equifax set up a failed system to prevent and mitigate the impact of data breaches, ignored numerous warnings of risks to sensitive data, failed to notify consumers and regulators of the breach in a timely fashion, and provided inadequate information and assistance to consumers in the wake of the breach.

“I hope that this investigation does not reveal similar failures by Capital One,” Warren said.

Capital One has until Aug. 19 to respond to Warren’s letter.

For reprint and licensing requests for this article, click here.
Data breaches Cyber security Regional banks Elizabeth Warren Capital One Senate Banking Committee
MORE FROM FINANCIAL PLANNING