Capital One has agreed to pay an $80 million penalty over its lack of preparation against a massive data breach last year, which exposed the personal financial information of over 100 million Americans.
In a regulatory filing, the Office of the Comptroller of the Currency (OCC) said that the bank had failed to establish proper risk assessment procedures in 2015 after it started using cloud storage technology. The regulator also determined that Capital One’s board failed to hold the managers in charge of the cloud storage’s security liable for their neglect.
On top of the penalty, Capital One was ordered to create plans to improve its security procedures within the next three months, a separate regulatory filing by the Federal Reserve said.
Capital One explained in a statement that it has worked on its cyber security measures since the hack.
“Safeguarding our customers’ information is essential to our role as a financial institution,” the bank said in a statement. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”
Tatiana Stead, a Capital One spokeswoman, told The New York Times in another statement that the bank had put controls in place before the hack occurred. She also confirmed that Capital One has been working on its security measures.
“In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders,” she said.
The hacker in the incident has been identified as Paige Thompson, a former Amazon employee who broke into Amazon’s servers on which Capital One’s cloud storage is based.
Other Artical: Capital One reports millions of US and Canadian customers' data was stolen by hacker
The data breach affected about 100 million individuals in the US, and another six million in Canada. Approximately 140,000 social security numbers were exposed as a result of the hack, as well as about 80,000 linked bank account numbers. Additionally, one million social insurance numbers of Canadian credit card customers were compromised.
Thompson was later arrested by federal authorities, and was charged with illegally accessing Capital One’s files.
You’ve reached your limit – Register for free now for unlimited access
To read the full story, and get unlimited access to Insurance Business website content, just register for free now. GET STARTED HERE
Already a website member? Log in below.
Lloyd's warns about impact of coronavirus on intangible assets
Pandemic increases firms' exposure to new risks
Insurer reacts to proposed Non-profit Property Protection Act
"RRGs that want to embark on this shouldn't expect it to be easy"
CRC Group expands binding capabilities in the Midwest
The company opens a new Indianapolis office and makes several key hires