WASHINGTON (11/19/14)--Sen. Elizabeth Warren (D-Mass.) and Rep. Elijah Cummings (D-Md.) have written to 16 financial institutions requesting information on data breaches they may have experienced. The letter cites an October USA Today report claiming federal officials believe as many as 500 million financial records have been stolen over the past 12 months.
No credit unions were sent letters. They were addressed to executives at ADP, Bank of America Corp., Bank of New York Mellon, Bank of the West, Citigroup Inc., Deutsche Bank, E*Trade Financial Corp., Fidelity Investments, GE Capital, Goldman Sachs, HSBC, Morgan Stanley, PNC Financial Services Group Inc., Regions Bank, US Bancorp and Wells Fargo.
"Each successive cyberattack and data breach not only results in hefty costs and liabilities for businesses, but exposes consumers to identity theft and other fraud, as well as a host of other cybercrimes," the letter reads. "Your ability to protect consumers and safeguard their personal information is central to earning and maintaining consumer confidence in our economic system."
The legislators request information on whether or not the institution has been the subject of a cyberattack in the past 12 months. If so, they request the following information:
Warren and Cummings requested the information no later than Dec. 19. They also requested a briefing from each institution's chief information technology security officer by Dec. 8.
Data security was also the topic of a "CBS This Morning" segment Tuesday that took a look at "Protecting your data during shopping season."
Cybersecurity expert Brian Krebs said that lax merchant standards make it a matter of time before there is another major breach.
"I think we're going to find out in the next couple of weeks when we hear about another one of these big retail breaches," he said. "The retail industry is just the lowest of the low-hanging fruit when it comes to cybersecurity."
The Credit Union National Association has advocated on multiple occasions for merchant security standards to be improved. Unlike financial institutions, who face strict data security standards, merchants operate under no such standards.