USA financial regulator dings Capital One for $80 million

Marco Green
August 10, 2020

A U.S. financial regulator has fined Capital One $80 million in connection with the 2019 data breach that compromised details on approximately 106 million people. Specifically, the federal bank regulator said the company had failed "to establish effective risk assessment processes" before migrating some of its technology operations to the cloud.

In July 2019, the Federal Bureau of Investigation arrested Paige A. Thompson of Seattle, alleging that she hacked the bank and then bragged about it in online forums. Capital One was using Amazon Web Services, a subsidiary of the Seattle-based tech giant that offers cloud computing services.

The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.

These unsafe and poor security practices resulted in a massive data breach last year, when a single hacker was able to steal the credit card information of over 106 million Capital One customers.

Prosecutors say the hacker was able to access roughly 100 million credit card applications as well as the Social Security numbers of more than 100,000 customers. The agency alleged that Capital One failed to appropriately implement certain network security controls, as well as adequate controls for the prevention of data losses.

The OCC also said that the credit card provider left numerous weaknesses in its cloud-based data storage in an internal audit in 2015 and failed to patch security vulnerabilities, violating the "Interagency Guidelines Establishing Information Security Standards" that all U.S. banks must comply with.

"In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders", Capital One said.

"We appreciate our regulators' recognition of our positive customer notification and remediation efforts, and remain committed to working closely with them to ensure that we meet the highest standards of protection for our customers", the company spokesperson said.
