BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Capital One to pay $80M fine after data breach

Capital One

(Reuters) — Capital One Financial Corp. will pay an $80 million penalty to a U.S. bank regulator after the bank suffered a massive data breach one year ago.

The fine, announced Thursday by the Office of the Comptroller of the Currency, punishes the bank for failing to adequately identify and manage risk as it moved significant portions of its technological operations to the cloud.

“Safeguarding our customers’ information is essential to our role as a financial institution,” said a bank representative in a statement. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”

In July 2019, the bank disclosed that personal information including names and addresses of about 100 million individuals in the United States and 6 million people in Canada were obtained by a hacker. The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.

The OCC said in its consent order that the bank failed to identify and manage risks leading up to the move to cloud storage, and lacked sufficient network security and data loss prevention controls. The regulator also said that when internal auditing did identify issues, the bank's board failed to hold management accountable.

The 2019 breach did not expose credit card account information, but about 140,000 Social Security numbers and 80,000 linked bank account numbers were compromised.

The OCC also ordered the bank to overhaul its operations to ensure it is adequately guarding against general cybersecurity risks and risks specific to cloud operations, and submit those plans for review. The bank faces similar heightened oversight from the Federal Reserve. 



Read Next

  • Capital One shares drop on questions over hack

    (Reuters) — Capital One Financial Corp.’s assurances that a major data breach would have a limited impact on customers or profits failed to convince investors on Tuesday, with the bank’s shares down more than 7%.