Capital One Financial has been ordered to pay an $80m fine by the Office of the Comptroller of the Currency (OCC) after its data breach in 2019.
The OCC claims it issued the fine due to the bank’s inability to establish effective risk assessment processes prior to migrating significant operations to the public cloud environment. Additionally, the bank failed to correct the deficiencies quickly enough.
When implementing the fine, the OCC considered Capital One’s customer modification and remediation efforts.
The data breach incident in question happened in March 2019 and resulted in 109 million customers' data being compromised. It took four months for this cyber attack to be identified after a GitHub user noticed someone posting about it. GitHub is a community where developers can discover, share and build software.
Capital One was alerted to the potential vulnerability in its system, which turned out to be a misconfigured firewall. Paige Thompson was taken into custody for allegedly being responsible for the hack, and is awaiting trial.
In its third-quarter 2019 results, the bank stated that around $22m had been spent on cybersecurity incident expenses.
The OCC said, “While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.”
Capital One will pay the penalty to the US Treasury.
Copyright © 2020 FinTech Global