Capital One fined $80 million for breach that exposed 100 million accounts

Capital One Bank has been penalized for data breach that occurred when it shifted operations to cloud-based service.



Capital One Financial Corp. has been penalized $80 million by the U.S. Treasury Department for a data breach of its accounts that occurred a year ago.

It has been accused of carelessness in its security network that enabled a hack to access personal information of 106 million credit cardholders of the bank.

Capital One migrated its operations to a cloud-based service in 2015 and it seems that enough security and risk management protocols were not put in place to prevent such a breach, claims the department.

The Comptroller of Treasury said the bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Capital One 2019 Data Breach Fined Penalized

Capital One HQ

Capital One in its consent order to the government body has committed to fixing the problem. Capital One’s breach is one of the largest of its kind. The 2019 breach compromised about 140,000 Social Security numbers and 80,000 bank account numbers, says a news report.

A hacker obtained personal information, including names and addresses of about 100 million individuals in the United States and 6 million people in Canada. The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.

“Safeguarding our customers’ information is essential to our role as a financial institution,” said a bank representative in a statement. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”

The perpetrator of the crime has been identified as one Paige Thompson, working with Amazon. S/he has denied the charges.

Thompson is set to stand trial in February. She is transgender and her lawyers have requested that she be sequestered at a halfway house, keeping her mental health in mind. But the judge in the case denied the request saying she was a flight risk and danger to others.

No evidence has emerged that Thompson sought to benefit financially from the hack.

The Office of the Comptroller of Currency has also ordered the bank to overhaul its operations to ensure it is adequately guarding against general cybersecurity risks and risks specific to cloud operations. The OCC also wants the bank to submit those plans for review. The bank faces similar scrutiny from the Federal Reserve.

The data breach should alert other banks that are migrating data to cloud-based services.

Banks are now being lured by such outsourcing services, which offer a cost-effective way for storing huge databases that require a lot of upkeep in-house.

The problem is that safety is compromised. Banks across the globe have embraced cloud solutions offered by the likes of Amazon, Google, and Microsoft.

Some argue that the new system is more secure as the cloud servicing companies are huge software companies with sophisticated high-end security measures.

But as is evident by the current security breaches that happened at Twitter, Amazon, and the Waymo patent documents, sometimes in-house personnel compromise and give access to secrets.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Nokia to launch T20 tablet with 10.36 inch display

Nokia to launch T20 tablet with 10.36 inch display

The Nokia T20 will sport a 10.36-inch display and will have 4 GB RAM along with 64 gigs of native storage.
2 days ago
Ford sees surprise Q2 profit despite chip shortage and manufacturing hassles

Ford sees surprise Q2 profit despite chip shortage and manufacturing hassles

“The business is ‘spring loaded’ for a rebound when semiconductor supplies stabilize and more closely match demand.”
2 days ago
Audi A6 E-tron Production Launch in 2023

Audi A6 E-tron Production Launch in 2023

Audi has confirmed that there will be multiple variants of the etron, including “basic versions optimized for minimum consumption and maximum range.
3 days ago
Royal Dutch Shell buyback lifts investor sentiment

Royal Dutch Shell buyback lifts investor sentiment

Royal Dutch Shell commences share buybacks before the end of this year while reducing its first quarter dividend to 16 cents per share, a 66% cut.
3 days ago
Citizens Financial to acquire Investors Bancorp in $3.5 billion NYC push

Citizens Financial to acquire Investors Bancorp in $3.5 billion NYC push

Citizens Financial Group, Inc. and Investors Bancorp announced today that they have entered into a definitive agreement and plan of merger in a cash-and-stock deal worth $3.5 billi
4 days ago
Apple Q3 Earnings Break Records Again!

Apple Q3 Earnings Break Records Again!

Apple Q3 earnings prove the Cupertino giant remains unaffected by the Covid-19 pandemic as sales rise across all product lines.
4 days ago