"We've started already and we are going to investigate and learn exactly what happened", Crapo said in an impromptu press briefing in the hallways of Congress on Tuesday. "How you deal with breaches is one piece of the whole big data issue that I've been looking at".
Crapo said he is planning legislation that would establish new data protections for consumers.
Earlier on Tuesday, New York State Attorney General Letitia James also announced that her office would investigate the hack.
"My office will begin an immediate investigation into Capital One’s breach [...] Though Capital One’s breach was internal, the fact still remains that safeguards were missing that allowed for the illegal access of consumers’ names, Social Security numbers, dates of birth, addresses, and other highly sensitive, personal information", James said in a press release.
James recently led a 50 state lawsuit that resulted in a $700 million penalty against the US credit monitoring service Equifax over a data breach affecting nearly 150 million people.
Capital One is one of the ten largest US banks and one of the nation’s biggest providers of credit cards.
Capital One reported the data theft on Monday. In a message to customers, the bank said no credit card account numbers or log-in credentials were stolen and over 99 percent of Social Security numbers were not compromised.
The largest category of stolen information consisted of names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income, the bank said.