WASHINGTON (Fox News): A top banking regulator has fined Capital One $80 million over a data breach last year that exposed the personal information of more than 100 million people.
The Office of the Comptroller of the Currency said Thursday the bank failed to “establish effective risk assessment processes” before transferring its operations to the public cloud and did not “correct the deficiencies in a timely manner.”
Capital One will also be required to enhance its cybersecurity security defenses and submit a plan to the Federal Reserve within 90 days outlining how it intends to do so. They must also submit an internal audit of the firm’s risk management program.
The Virginia-based bank said it has already taken steps to tighten security around its customer information.
“Safeguarding our customers’ information is essential to our role as a financial institution,” the bank said in a statement. “The controls we put in place before last year’s incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker. In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”
Prosecutors have accused Paige A. Thompson, a former employee of Amazon Web Services, of hacking the bank and charged her with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson has pleaded not guilty and is awaiting trial.
The data breach involved about 100 million people in the U.S. and 6 million in Canada, making it one of the largest-ever data breaches of a big bank.