Capital One Fined $80 Million After One Year Of Data Breach

The American bank holding firm Capital One has faced a huge fine for failing to protect users’ security. Specifically, the OCC has fined Capital One for $80 million over a 2019 data breach.

2019 Breach Overview

In mid-2019, the US-based firm Capital One Financial Corporation disclosed a data breach affecting over a hundred million customers. That included a huge number of American and Canadian users.

As revealed, the attack happened due to a vulnerability in the company’s infrastructure. The attackers could, hence, steal Capital One’s customers’ data including their personal information. The pilfered data also included Social Security numbers and bank account numbers of a few thousands of customers.

After some time, law enforcement authorities arrested the attacker, named Thompson as she boasted about the theft on GitHub. It turned out that Paige Thompson, a former Amazon Web Services (AWS) employee, hacked into the AWS servers in use by Capital One. Further investigations revealed that the same attacker also pilfered data from 30 other companies as well.

Capital One Fined

While LEAs arrested the attacker who still awaits a trial, the firm also received criticism on its end for poor security measures.

Hence, now, the Office of the Comptroller of the Currency (OCC) has fined the firm $80 million.

As stated in the press release,

While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.

Though, OCC also appreciated the remediation measures that the bank employed and the way it disclosed the incident. Nonetheless, for the security lapse, it now faces a fine that will be paid to the US Treasury.

The OCC took these actions based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner.

Let us know your thoughts in the comments.

Related posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs