Senate Democrats call out Capital One over breach response

WASHINGTON — Democratic senators are criticizing Capital One over its response to a data breach that affected roughly 100 million customers, saying the bank hasn’t taken sufficient steps to make good on its commitment to protect consumers from further harm.

The five senators — including Banking Committee ranking member Sherrod Brown of Ohio and Elizabeth Warren of Massachusetts — are zeroing in on the bank's alleged failure to help consumers get timely credit monitoring and identity protection services, which Capital One had promised free of charge. The letter followed one that Warren sent to the bank last month.

“Capital One has not established an effective process for consumers to request free credit monitoring and identity protection services,” the senators wrote in a letter to Capital One CEO Richard Fairbank Wednesday. “Nor does it appear that those services are yet available for consumers when they call in to request them.”

The senators said the bank has not established a dedicated telephone number for customers to request free credit monitoring and identity protection, nor does it have an online option for consumers to request the services. They also called out the bank over slow delivery of the services and failing to provide any notification about the breach to consumers through their online accounts.

Capital One had promised all customers free credit monitoring and identity protection, regardless of whether they were affected by the breach.

“These deficiencies mean that … consumers do not know whether their personal information has been breached” and “Capital One may limit the number of consumers for whom it will have to provide free credit monitoring and identity protection services,” the senators wrote.

They are asking Capital One if it has identified potentially affected consumers beyond what was initially disclosed in the wake of the breach, as well as information on when the bank sent breach notification letters to the 140,000 consumers whose Social Security numbers were stolen and the 80,000 customers whose bank account numbers were stolen.

Capital One has until Sept. 20 to respond to the letter.

A representative from the bank said that it has "maintained an open dialogue with our customers and lawmakers."

"At this time, all individuals in the U.S. whose Social Security numbers or linked bank account numbers were accessed have been directly notified by mail," the spokesperson said. "Tens of thousands have already enrolled in free credit monitoring and identity protection, and we will continue to make this service available to everyone affected. Importantly, the perpetrator responsible for the cyber incident has been arrested and the government has said they believe the data has been recovered and that there is no evidence the information was used for fraud or shared by this individual."

The spokesperson said the bank is working on a response to the lawmakers.
