Capital One Fined $80 Million for 2019 Data Breach

Capital One, a major American financial corporation, has been fined $80 million for a data breach that took place in 2019. According to sources, the breach exposed the private data of 100 million Capital One customers.

The Office of the Comptroller of the Currency (OCC), which is part of the US Treasury, had ordered a detailed investigation into the breach. The report released by the OCC says Capital One was well aware of the inefficiency of its security infrastructure.

OCC – “The Bank’s internal audit failed to identify numerous control weaknesses and gaps in the cloud operating environment. Internal audit also did not effectively report on and highlight identified weaknesses and gaps to the Audit Committee.”

The data breach took place during March and April of 2019. The most shocking part is that Capital One was “unaware” of the breach until July, and learned of it only after someone told the company that its private data was available on a GitHub page.

The investigators in this case found that an Amazon Cloud worker, Paige Thompson, was involved in wire fraud and cyber crime.

Thompson exploited the security weaknesses of Capital One’s cyber infrastructure to extract customers’ private data and posted it on the internet. She pleaded not guilty to the accusations, and her case has been set for trial in 2021.

The OCC said in the report, “In or around 2015, the Bank failed to establish effective risk assessment processes prior to migrating its information technology operations to the cloud operating environment. The Bank also failed to establish appropriate risk management for the cloud operating environment, including appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts.”

The OCC has ordered Capital One to form a compliance committee by the end of August. The committee will provide security updates, and Capital One will use that input to take the steps necessary to avoid such data leaks in the future and improve security.

Keep following Mangum Star News for continuous updates on this case.
