Sen. Elizabeth Warren is putting pressure on Capital One to answer questions about the recent data breach that affected more than 100 million of the bank’s customers.
In a letter on Wednesday to Richard Fairbank, Capital One’s chief executive, the Massachusetts Democrat and 2020 presidential candidate requested information on how the breach was conducted and when the bank plans to notify customers whose data — including possibly their Social Security numbers — was taken in the breach.
“The public deserves to know exactly what the company plans to do to ensure that consumers’ accounts and application information are protected from the consequences of Capital One’s security failures,” Warren wrote to Fairbank.
In her letter, the senator raised concerns that the company promised to notify individuals who were affected but did not offer a timetable for doing so or an explanation of who it considered an affected customer.
“This is especially concerning because 100 million stolen credit card applications include current customers, former customers, and individuals and business that submitted applications but ultimately did not receive credit cards,” she wrote.
Warren also questioned Capital One’s characterization of Paige Thompson, the 33-year-old former Amazon employee from Seattle who was arrested by the FBI on Monday and charged in connection with the breach, as a “highly sophisticated individual.”
The senator said Thompson’s “knowledge may not be unique — tens of thousands of employees work or have worked at Amazon Web Services and thousands more work at Capital One.”
As a member of the Senate Banking, Housing and Urban Affairs Committee, Warren played a leading role in the committee’s probe of the credit scoring firm Equifax, which recently agreed to pay up to $700 million in fines following a data breach that affected nearly 150 million people.
After the breach, Senate Banking Chairman Michael D. Crapo, R-Idaho, said the committee would probe Capital One as it had Equifax.
“I have concerns about all aspects of this,” Crapo said last week. “We want to understand how this happened, how other breaches happened [ . . . ] and we want to know how vulnerabilities [appear] in systems and figure out what we must do to deal with them at a policy level. I don’t have answers yet, but yes, we need to figure that out and we do have concerns about those vulnerabilities.”
New York state Attorney General Letitia James said last week that her office would also undertake an investigation of the breach and “will work to ensure that New Yorkers who were victims of this breach are provided relief.”
She added: “We cannot allow hacks of this nature to become everyday occurrences.”