
Capital One fined $80m for massive 2019 hack

Capital One has agreed to an $80 million fine from US regulators over a 2019 hack which exposed the personal information of more than 100 million customers and applicants.


Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The Office of the Comptroller of the Currency (OCC) levied the fine based on the bank's "failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner".

Capital One revealed in July 2019 that a hacker accessed information relating to about 100 million American and six million Canadian customers that was sitting on Amazon Web Services servers.

The following month a software engineer called Paige Thompson was indicted on federal charges for wire fraud and computer data theft related to alleged unauthorised intrusion into stored data of more than 30 companies, including Capital One.

According to the indictment, Thompson created scanning software that allowed her to identify customers of AWS who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers. She then used the access to steal data.

In addition to the fine, US regulators have told Capital One to boost its risk management programme and related governance and controls, specifically around cybersecurity.
