Photo Courtesy of Sen. Schumer
Schumer called on the FTC to ensure companies are doing everything they can to protect consumer data as he also called on the DOJ to fully investigate and go after hackers aiming to harm Americans and New Yorkers.
By Forum Staff
Revealing that in, roughly, the last 30 days, American Airlines, DoorDash, Uber, and U-Haul, have all been hacked and experienced a serious data breach, U.S. Senator Charles Schumer called on the Federal Trade Commission (FTC) to ensure companies are doing everything they can to protect consumer data as he also called on the Department of Justice (DOJ) to fully investigate and go after hackers aiming to harm Americans and New Yorkers.
On Sunday, Schumer detailed that a March 2022 law gave the feds more oversight on many hacks and said more public information for impacted consumers should be made available. Schumer said many consumers are clueless about these recent hacks and others that have preceded them. Schumer said he wants the feds to publicly disclose more details on recent breaches, and give impacted consumers more help and information. Schumer said these most recent hacks span a variety of U.S. industries and that we must be vigilant about where these hacks originate and the information they collect.
“In roughly the last 30 days, vital and personal information has been hacked at many major U.S. companies, compromising people’s privacy. Yet, if you ask most people about these hacks they don’t even know they occurred and the feds are saying very little,” Schumer said. “In fact, for a lot of consumers, unless you have a service—which often comes at a cost—you are not aware of these breaches and hacks. And in some cases, even if you do have a service that alerts you, information about where your personal information went, the origin of the hack and so much more is elusive.”
Schumer explained that in a March 2022 government funding package that was signed by the president, sweeping cybersecurity legislation was enacted that required many industries to quickly report data breaches and ransomware payments. The new law, the Cyber Incident Reporting Act, according to Bloomberg, mandated that companies report hacks to the U.S. Department of Homeland Security within 72 hours of discovery of the incident, and 24 hours if they make a ransomware payment.
FBI officials, according to the report, estimated that the bureau has visibility into a quarter of cyber incidents, resulting in a government-wide lack of information about the nature of many data breaches, the tactics of cybercriminals and the U.S. industries that are most vulnerable. The legislation, the report noted, positioned DHS’s Cybersecurity and Infrastructure Security Agency as a central hub for receiving private sector incident response reports from owners and operators of critical infrastructure, sharing threat data and tracking the evolution of ransomware, a pernicious issue for American business that has been difficult to quantify. The feds have not said how they will use data gleaned from breach reports, but has been seeking to build its capabilities and work more closely with the private sector on a voluntary basis, Bloomberg noted.
On September 20, American Airlines confirmed a data breach and said an “unauthorized actor” gained access to personal information of a small number of customers and employees through a phishing campaign.
On August 28, DoorDash publicly revealed that a sophisticated phishing attack left customers’ personal information and partial payment information exposed to hackers.
On September 16, Uber revealed that their computer systems were breached and that they alerted authorities.
On September 21, U-Haul publicly revealed that a data breach of their system exposed sensitive consumer data of more than two million clients over five months.
