The Senate Banking Committee plans to hold a hearing next week on ways to “protect the financial sector” from cyberattacks, but for now there are no plans to have anyone from the financial services industry testify.
The hearing set for Wednesday will feature testimony from top officials of the Federal Bureau of Investigation, the Secret Service, the Treasury Department, the Department of Homeland Security and the Office of the Comptroller of the Currency.
The banking committee is holding the hearing in the aftermath of this summer’s big cyberattack at JPMorgan Chase that compromised some account information of 83 million households and small businesses. Law enforcement officials have said the same hackers that breached JPMorgan’s systems also tried to gain access to the systems of at least a dozen other financial institutions.
In October, the banking committee sent a letter to five regulators seeking information about how they were coordinating their work with law enforcement agencies in responding to attacks on the financial system. They were also asked whether legislative proposals were needed to foster a better working relationship. The letter specifically noted the attack on JPMorgan and the need to make sure that government agencies the private institutions work together to maintain the “integrity of the financial system.”
A person briefed on the matter said the hearing would focus on how the various government agencies were working together to deal with cyberattacks on banks and other financial institutions.
It’s not clear how much of the testimony will discuss the attack on JPMorgan or any other specific financial institution.
Patricia Wexler, a JPMorgan spokeswoman, said the bank had not been asked to provide the committee with any information in advance of the hearing. A spokeswoman for the Connecticut attorney general, George Jepsen, whose office is overseeing an investigation by several state attorneys generals into the JPMorgan breach, said the state office had not been contacted by the Senate committee.
In the JPMorgan attack, the bank has said it found no evidence of any fraud or misuse of customer information. JPMorgan said the hackers got access only to customer email addresses, homes addresses and phone numbers but nothing of a more sensitive nature like Social Security numbers.
Over the past several years, cyberattacks on financial institutions have become a matter of increasing concern for regulators who are worried about criminals getting access to sensitive customer financial information or looting accounts. To date, the most serious attacks have taken place in retail, with hackers attempting to get access to credit card account number by breaching the systems at companies like Target and Home Depot.