Capital One fined $80 million for breach that exposed 100 million accounts

Capital One Bank has been penalized for data breach that occurred when it shifted operations to cloud-based service.



Capital One Financial Corp. has been penalized $80 million by the U.S. Treasury Department for a data breach of its accounts that occurred a year ago.

It has been accused of carelessness in its security network that enabled a hack to access personal information of 106 million credit cardholders of the bank.

Capital One migrated its operations to a cloud-based service in 2015 and it seems that enough security and risk management protocols were not put in place to prevent such a breach, claims the department.

The Comptroller of Treasury said the bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Capital One 2019 Data Breach Fined Penalized

Capital One HQ

Capital One in its consent order to the government body has committed to fixing the problem. Capital One’s breach is one of the largest of its kind. The 2019 breach compromised about 140,000 Social Security numbers and 80,000 bank account numbers, says a news report.

A hacker obtained personal information, including names and addresses of about 100 million individuals in the United States and 6 million people in Canada. The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.

“Safeguarding our customers’ information is essential to our role as a financial institution,” said a bank representative in a statement. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”

The perpetrator of the crime has been identified as one Paige Thompson, working with Amazon. S/he has denied the charges.

Thompson is set to stand trial in February. She is transgender and her lawyers have requested that she be sequestered at a halfway house, keeping her mental health in mind. But the judge in the case denied the request saying she was a flight risk and danger to others.

No evidence has emerged that Thompson sought to benefit financially from the hack.

The Office of the Comptroller of Currency has also ordered the bank to overhaul its operations to ensure it is adequately guarding against general cybersecurity risks and risks specific to cloud operations. The OCC also wants the bank to submit those plans for review. The bank faces similar scrutiny from the Federal Reserve.

The data breach should alert other banks that are migrating data to cloud-based services.

Banks are now being lured by such outsourcing services, which offer a cost-effective way for storing huge databases that require a lot of upkeep in-house.

The problem is that safety is compromised. Banks across the globe have embraced cloud solutions offered by the likes of Amazon, Google, and Microsoft.

Some argue that the new system is more secure as the cloud servicing companies are huge software companies with sophisticated high-end security measures.

But as is evident by the current security breaches that happened at Twitter, Amazon, and the Waymo patent documents, sometimes in-house personnel compromise and give access to secrets.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Leave a Reply

Your email address will not be published.

Recent Posts

NASA Set To Unveil The Deepest Image Of The Universe

NASA Set To Unveil The Deepest Image Of The Universe

Thomas Zurbuchen revealed that seeing the deepest image of the universe for the first time will be akin to witnessing nature “giving up secrets that have been there for many, man
17 hours ago
SEC Fines Ernst & Young $100 Million Over CPA Cheating Scandal

SEC Fines Ernst & Young $100 Million Over CPA Cheating Scandal

The SEC said that EY had earlier been intimated about the potential of staff cheating on accountant exams by an employee. Furthermore, even after an internal EY investigation confi
21 hours ago
A Google Analytics Ban Sweeps Across the EU

A Google Analytics Ban Sweeps Across the EU

The decision came after careful consideration of several complaints by the Austrian NGO noyb. The NGO filed nearly 101 complaints with all EU data protection authorities.
2 days ago
It’s Time. To Ban TikTok, Says US FCC Commissioner

It’s Time. To Ban TikTok, Says US FCC Commissioner

For years, TikTok has continued to assure authorities that data collected from US users is stored in the US, and not China as many believe. A recent Buzzfeed report set fire to the
2 days ago
Tesla Shuts San Mateo Office Laying Off 200 Employees

Tesla Shuts San Mateo Office Laying Off 200 Employees

The billionaire entrepreneur had previously commented on reducing the salaried workforce at Tesla. Out of nearly 100,000 Tesla employees worldwide, 42% are based out of the United
3 days ago
The Mattel Metaverse – Launched by Cryptoys

The Mattel Metaverse – Launched by Cryptoys

In a recent interview, he acknowledged that toys and players are continuously evolving. Keeping this in mind, the company wants to develop its wares both in the physical and digita
3 days ago