House Committee on Oversight and Reform Republicans have started a probe into Capital One and Amazon over a massive data breach that affected millions, according to a report by the Financial Times.
The committee sent out two letters and asked for a “staff-level briefing” with both companies in the next two weeks regarding the breach. The alleged perpetrator is Paige Thompson, who used to work at Amazon Web Services (AWS), which is a service where all of the Capital One data was stored. Thompson was arrested and charged on Monday (July 30).
One letter was addressed to Capital One Chief Executive Richard Fairbank. It asked for more details about the breach, like its breadth, and it wanted the bank “to help us more fully understand Capital One’s recent incident and its potential to affect millions of Americans.”
The other letter was addressed to Amazon CEO and Founder Jeff Bezos, and it asked for information on “the current status of AWS security protocols in place to ensure the security of sensitive personal and government data.” The letter mentioned that AWS was going to provide the U.S. 2020 census with data storage, and is also being considered for a Department of Defense cloud computing contract.
That venture would be called the Joint Enterprise Defense Infrastructure contract (JEDI) and it would move a lot of the Pentagon’s data needs as well as storage to the cloud.
The hack has had immediate repercussions, notably in investigations and lawsuits.
On Tuesday (July 30), the attorney general of New York, Letitia James, said her office was going to start investigating the data breach immediately, according to Reuters. The attorney general said it’s become “far too commonplace” for financial firms to experience hacks of this type. And she wants to make sure that people affected in her state are going to be taken care of.
James was instrumental in the settlement with Equifax over a breach that affected 147 million consumers. Equifax has said it will recompense anyone affected by the breach, with conditions.
Also on Tuesday, a man affected by the Capital One breach filed a lawsuit against the firm. Kevin Zosiak, who lives in Stamford, Connecticut, and whose personal information was compromised in the breach, filed the suit in federal court in Washington, D.C., Reuters reported. The suit is seeking class-action status.