In light of reports that more than 500 million records have been compromised due to data security breaches in the U.S. financial sector over the past year, Rep. Elijah E. Cummings (D-MD) and Senator Elizabeth Warren (D-MA) sent identical letters to 16 large financial firms requesting information about recent data breaches and seeking detailed briefings from corporate IT security officers. The Members cited press accounts reporting that law enforcement officials believe the U.S. financial sector is one of the most targeted in the world, and that approximately 80% of hacking victims in the business community didn't even realize they had been hacked until they were told by investigators. The financial firms receiving the letters included Bank of America, Citigroup, Goldman Sachs, ADP, Wells Fargo, and Deutsche Bank.
Specifically, the firms were asked to provide a description of all data breaches that the firm has experienced over the past year, including the date and the manner and method by which the fin first discovered the breaches, the dates the breaches are believed to have begun and nded, and the types of data breached. Also requested are the approximate number of customers that may have been affected by the breaches and the manner in which customers were notified of the breaches. Also, the firms should provide the findings from forensic investigative analyses or reports concerning the breaches and the individual or entities suspected or believed to have caused the data breaches and whether they have been reported to the proper law enforcement agencies. The firms should describe data protection improvement measures taken since the breaches were discovered.