The top Republican on the House Oversight and Reform Committee asked executives of Capital One bank and Amazon Web Services for a briefing on the theft of data on 106 million credit card applicants and customers, citing rising privacy concerns and the digital giant’s government contracts.
“Because Amazon Web services will provide the trusted Internet connection and cloud support for the 2020 Census and could potentially run the Department of Defense’s Joint Enterprise Defense Infrastructure cloud computing system, the committee may carefully examine the consequences of this breach,” U.S. Rep. Jim Jordan, an Ohio Republican, said in a letter to Amazon CEO Jeff Bezos obtained by the Washington Examiner. Reps. Mark Meadows and Michael Cloud, of the subcommittees on government operations and economic policy, also signed the letter.
The three sent a similar missive, also obtained by the Washington Examiner, to Capital One CEO Richard Fairbank; both sought a staff-level meeting to obtain more information. The data theft from the McLean, Virginia-based lender, which led to the arrest of a former Amazon Web Services software engineer who used the Twitter alias “erratic.” was disclosed on Monday night.
While the capture of Paige Thompson, 33, differentiates the case from the thefts at credit bureau Equifax in 2017 and hotel chain Marriott a year later, which together affected hundreds of millions of people, it’s still likely to increase pressure on Congress to pass a federal privacy standard. The Equifax breach prompted fiery congressional hearings and the departure of then-CEO Richard Smith, as public ire grew over the realization that identification data including birth dates and Social Security numbers that are difficult or impossible to alter had been taken.
Capital One learned of the April data breach after Thompson listed file names from so-called buckets of information from the bank on GitHub, a digital platform for software development projects, and discussed plans to archive the data so it wouldn’t be on her servers, according to a criminal complaint filed in U.S. District Court in Seattle. Another user saw the posts, which were made under Thompson’s name and referenced her Twitter alias, erratic, and contacted the lender on July 19, according to the complaint.
“I’ve basically strapped myself with a bomb vest,” read a message sent from Thompson’s Twitter account cited in the complaint, “dropping capitalones dox and admitting it. I wanna distribute those buckets I think first. Their SSNs with full names and DOB.”
FBI agents seized numerous digital storage devices in a raid on Thompson’s home on Friday, some of which included references to Capital One and possible other network breaches, the agency said.
No credit card account numbers were compromised, Capital One said in a statement on Monday evening, and more than 99% of Social Security numbers were not. The largest category of information taken was on consumers and small businesses as of the time they applied for credit cards between 2005 and early this year, and included names, addresses, phone numbers, and self-reported income.
