WASHINGTON—Data breaches remained on the national radar last week as British Airways announced 380,000 card payments had been compromised, and House Financial Services Subcommittee Chairman Blaine Luetkemeyer (R-MO) introduced a long-expected bill that would establish national data breach notification requirements for all financial entities.
British Airways announced that consumers who booked flights with the company between Aug. 21 and Sept. 5, 2018, had their personal data – including credit card numbers, expiration dates and security codes, and names, street addresses and email addresses – stolen in the breach.
Those customers who were impacted should have received an email from British Airways informing them of the breach. The email encouraged them to contact their financial institutions and credit-card providers.
What Bill Would Do
Meanwhile, Luetkemeyer's Consumer Information Notification Requirement Act would amend the Gramm-Leach-Bliley Act to require a notice of unauthorized access that is likely to result in identity theft, fraud or economic loss by all financial entities, including credit bureaus, akin to what is already in place for financial institutions. In turn, entities with national data standards would be pre-empted from state established standards.
The legislation is a scaled-down version of a larger data security bill that Luetkemeyer released earlier this year. Luetkemeyer released the new bill in an effort to advance the issue yet this session; the House Financial Services Committee is expected to hold a mark-up of the legislation in the near future, but its fate remains uncertain given the short amount of time left on the congressional calendar prior to recess, and the face a number of funding bills still need to be passed.