Capital One Fined $80 Million After One Year Of Data Breach

The American bank holding firm Capital One has faced a huge fine for failing to protect users’ security. Specifically, the OCC has fined Capital One for $80 million over a 2019 data breach.

2019 Breach Overview

In mid-2019, the US-based firm Capital One Financial Corporation disclosed a data breach affecting over a hundred million customers. That included a huge number of American and Canadian users.

As revealed, the attack happened due to a vulnerability in the company’s infrastructure. The attackers could, hence, steal Capital One’s customers’ data including their personal information. The pilfered data also included Social Security numbers and bank account numbers of a few thousands of customers.

After some time, law enforcement authorities arrested the attacker, named Thompson as she boasted about the theft on GitHub. It turned out that Paige Thompson, a former Amazon Web Services (AWS) employee, hacked into the AWS servers in use by Capital One. Further investigations revealed that the same attacker also pilfered data from 30 other companies as well.

Capital One Fined

While LEAs arrested the attacker who still awaits a trial, the firm also received criticism on its end for poor security measures.

Hence, now, the Office of the Comptroller of the Currency (OCC) has fined the firm $80 million.

As stated in the press release,

While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.

Though, OCC also appreciated the remediation measures that the bank employed and the way it disclosed the incident. Nonetheless, for the security lapse, it now faces a fine that will be paid to the US Treasury.

The OCC took these actions based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Leave a Reply

Your email address will not be published.