Congress to banks: Admit you've been hacked!

Starbucks CEO: no company immune from hacking
Starbucks CEO: no company immune from hacking

Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage.

Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have been hacked, explain how it happened and be transparent about what they lost.

In many cases, companies that are hacked never reveal it to their customers. Or they release vague, useless information that hides the seriousness of the breach.

Related: Hackers attack U.S. energy grid

Earlier this year, hackers broke into JPMorgan. The bank said hackers gathered information on more than 80 million customers. But sources close to the investigation told CNNMoney the hackers hit at least six other companies -- none of which came forward about it.

"The increasing number of cyberattacks and data breaches is unprecedented and poses a clear and present danger to our nation's economic security," Cummings and Warren wrote in the letter.

They noted that faith in banks' ability to keep consumer data safe "is central to earning and maintaining consumer confidence in our economic system." The letter referenced a recent USA Today report that hackers have stolen more than 500 million financial records over the past year.

Earlier this year, CNNMoney noted that half of American adults have been hacked.

Expert: Russia tacitly endorsed hack
Expert: Russia tacitly endorsed hack

The politicians' joint letter was sent to the following financial institutions:

  • ADP
  • Bank of America
  • Bank of NY Mellon
  • Bank of the West
  • Citigroup
  • Deutsche Bank
  • E-Trade
  • Fidelity
  • GE
  • Goldman Sachs
  • HSBC
  • Morgan Stanley
  • PNC
  • Regions
  • US Bank
  • Wells Fargo

In their letter, Cummings and Warren also asked to meet personally with the chief information security officer at each company in the next few weeks.

The information Warren and Cummings are seeking is already known to the FBI, which typically investigates these cases.

But such insight is rarely made public. There is no national data breach law requiring companies to be honest about what customer information they've lost. Instead, there are 47 different state laws that don't protect everyone equally -- and cause a legal headache for the company when it does get hacked.

CNNMoney Sponsors