Capital One will pay an $80 million civil fine for its role in a 2019 security breach that exposed the personal data of more than 100 million customers, The Wall Street Journal reported. In a scathing report on its investigation into the breach, the Office of the Comptroller of the Currency, part of the US Treasury, said Capital One was aware that its security practices were not adequate, and that the company’s management “took ineffective actions to hold management accountable.”
The breach occurred in March and April of 2019, but Capital One was apparently unaware of the problem until mid-July. That’s when someone tipped the company off to a public GitHub page where private data from Capital One was available. That led investigators to former Amazon employee Paige Thompson, who was accused of wire fraud and computer fraud. Authorities say Thompson was able to use “configuration security” to extract Capital One customers’ information and post it to message boards. She pleaded not guilty to the charges and her trial is scheduled for next year.
“The OCC took these actions on the basis of the bank’s failure to establish effective risk assessment processes before migrating key information technology operations to the public cloud environment and the bank’s failure to correct its deficiencies in time,” the OCC said in a statement announcing the penalty.
As part of an OCC consent order, Capital One must set up a committee by the end of August, which will meet in early October and provide regular updates. The company is required to create an action plan detailing the steps it is taking to improve security.
A spokesman for Capital One said in an email to The Verge that the safeguards the company had set up before last year’s incident “enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker.” Since the incident, the spokesman added, the company has “invested significant additional resources in further strengthening our cyber defense, and have made substantial advances in addressing the requirements of these orders.”
The fine will be paid to the Treasury Department.
UPDATE 8 AUGUST 10:38 AM ET: Adds statement from Capital One spokesperson