Capital One has agreed to an $80 million fine from US regulators over a 2019 hack which exposed the personal information of more than 100 million customers and applicants.
The Office of the Comptroller of the Currency (OCC) levied the fine based on the bank's "failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner".
Capital One revealed in July 2019 that a hacker accessed information relating to about 100 million American and six million Canadian customers that was sitting on Amazon Web Services servers.
The following month a software engineer called Paige Thompson was indicted on federal charges for wire fraud and computer data theft related to alleged unauthorised intrusion into stored data of more than 30 companies, including Capital One.
According to the indictment, Thompson created scanning software that allowed her to identify customers of AWS who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers. She then used the access to steal data.
In addition to the fine, US regulators have told Capital One to boost its risk management programme and related governance and controls, specifically around cybersecurity.