Senator Elizabeth Warren (D-Massachusetts) and Congressman Elijah Cummings (D-Maryland) sent letters on Tuesday to 16 financial institutions requesting detailed information regarding data breaches and seeking information about briefings from corporate IT officials, according to an announcement on Warren's web site.
The letters were prompted by multiple press reports, notably a front page story in USA Today, stating that hackers have been attempting to breach firms' financial data as part of a broad cyber-attack campaign, and it is believed that the breaches have caused more than 500 million records to be compromised. Institutions targeted by the letters included banks, investment firms, and other financial service providers, according to the announcement.
"The increasing number of cyber-attacks and data breaches is unprecedented and poses a clear and present danger to our nation's economic security," Cummings and Warren wrote to the institutions. "Each successive cyber-attack and data breach not only results in hefty costs and liabilities for businesses, but exposes consumers to identity theft and other fraud, as well as a host of other cyber-crimes. Your ability to protect consumers and safeguard their personal information is central to earning and maintaining consumer confidence in our economic system."
Warren and Cummings stated in the letters that the "U.S. financial sector is one of the most targeted in the world," according to law enforcement officials, and they believe that as many as 80 percent of victims whose businesses were hacked did not even realize it until investigators had informed them.
The 16 institutions targeted by Warren and Cummings in Tuesday's letters were: ADP, Bank of America, Bank of NY Mellon, Bank of the West, Citigroup, Deutsche Bank, E-Trade, Fidelity, GE, Goldman Sachs, HSBC, Morgan Stanley, PNC, Regions, U.S. Bank, and Wells Fargo, according to Warren's web site. Warren and Cummings requested the information on the data breaches to be sent to them by December 19 and the information on the IT briefings to be sent to them by December 8.
Warren and Cummings requested from two of the institutions, Citigroup and U.S. Bank, information about how the data breaches "may have affected their administration of government purchase and charge cards under contracts with the General Services Administration."
Last week, Warren and Cummings sent similar letters to retailers such as Home Depot, Target, and K-Mart as well as to the U.S. Postal Service and State Department.