Capital One Pays $80 Million Fine for 2019 Data Breach

The Office of the Comptroller of the Currency (OCC) charged Capital One with an $80 million fine for the July 2019 data breach. Weak risk management and control caused it. The breach compromised the personal details of 100 million U.S. users and 6 million Canadian citizens. Jaclyn Jaeger discusses the Capital One data breach in this article at Compliance Week.

Capital One Data Breach

Capital One reported the data breach on the same day it happened. The culprit was Paige Thompson, who worked as a software engineer in a Seattle-based IT company. She declared on GitHub that she took advantage of a vulnerability in the firewall of the company’s Web application. So, what made the OCC hit Capital One with such a massive fine? Here are the reasons:

Penalty Reasons

  • The OCC’s consent order stated that Capital One did not have proper risk management processes in 2015. Nonetheless, the bank migrated its IT processes to the cloud. Even after migration, it did not work on updating the risk protocols. So, the network, data security, and intrusion alerts were never in place.
  • When the bank conducted in-house audits, it could not discover or report cloud framework issues to the auditors.
  • If anyone raised a concern during the internal audits, none of the executives or stakeholders took responsibility for resolving the issues.

For all these reasons, Capital One could not locate vulnerabilities in its cloud infrastructure. So, the OCC found that it was not complying with the Interagency Guidelines Establishing Information Security Standards. However, the committee acknowledged the bank’s promptness in notifying customers and its redressal processes.

The Federal Reserve Board further added a cease-and-desist order in light of the 2019 data breach. The bank must improve its risk management structure, governance, and network security. It should also submit an action plan within three months and state how it intends to achieve these goals.

To view the original article, visit the following link: https://www.complianceweek.com/regulatory-enforcement/occ-fines-capital-one-80m-over-2019-data-breach/29294.article
