Republican members of the House of Representatives' Committee on Oversight and Reform this week sent open letters to both Capital One and Amazon, requesting that both companies arrange a briefing with Congressional staff members regarding Capital One's recently announced data breach.
Last Monday, McLean, Va.-based Capital One Financial Corporation publicly acknowledged that an unauthorized individual leveraged a misconfigured web application firewall last March to access the finance company's files, hosted on Amazon Web Services S3 servers. Paige A. Thompson, 33, a former AWS employee in Seattle, was arrested in connection with the breach, which affects 106 million individuals in the U.S. and Canada.
"The Committee regularly conducts oversight of data breaches at financial institutions," says a letter addressed to Capital One Chairman and CEO Richard Fairbank, signed by Jim Jordan (R-Ohio), committee Ranking Member; Michael Cloud (R-Texas); ranking member of the subcommittee on economic and consumer policy; and Mark Meadows, ranking member of the subcommittee on government operations. (R-N.C.) "To help us more fully understand Capital One's recent incident and its potential to affect millions of Americans, we ask that you please arrange for a staff-level briefing on the incident, its nature and scope, as well as Capital One's response to the disclosure."
The Republicans' other letter, which is addressed to Amazon.com Inc. CEO Jeff Bezos, expresses interest in AWS' current security protocols, and further notes that the Oversight and Reform Committee "may carefully examine the consequences of this breach" in light of the fact that AWS will be providing Internet connectivity and cloud support for the 2020 Census, and may potentially operate the Department of Defense's Joint Enterprise Defense Infrastructure cloud computer system. (The Pentagon is reportedly now reviewing its selection of Amazon for the latter project, after President Donald Trump expressed concerns that the bidding process was biased toward Amazon.)
Both letters request briefings no later than Aug. 15 of this year.
A report in The Hill yesterday said that Oversight and Reform Committee Chairman Elijah Cummings (D-Md.) also was interested in investigating the incident, noting that “our committee has a long and bipartisan history of investigating data breaches in the government and private sector, and we look forward to hearing more information about what happened from Capital One."