Capital One has agreed to a $80 million fine from US regulators over last year's hack which exposed the personal information of more than 100 million customers and applicants.
The Office of the Comptroller of the Currency (OCC) calculated the fine based on a "failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner".
Capital One revealed last July that a hacker accessed information relating to about 100 million American and six million Canadian customers that was stored on Amazon Web Services cloud servers.
The following month, software engineer Paige Thompson was indicted for wire fraud and computer data theft related to alleged unauthorised intrusion into stored data of more than 30 companies, including Capital One.
According to the indictment, Thomson created scanning software that allowed her to identify customers of AWS who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers.
The US regulator also demanded that Capital One improve its risk management programme and related governance and controls, specifically around cyber security.
Commenting on the fine, Mark Bower, senior vice president at data security specialist comforte AG, said that the signal is very clear: the often referenced shared responsibility cloud model means nothing when it’s your data.
"What’s very surprising about this breach is, per Capital One’s prior announcements, only a fraction of the regulated data was properly tokenised - credit card and SSN data - and the rest accessible under attack," he explained, adding that had tokenisation been applied across the full regulated data set, this breach would have been a non-event.
"This fine is the tip of the iceberg - the true cost of remediation, impact, and the reputational loss is likely to be a lot higher - this may also set the tone for secondary litigation, where cost impact can escalate."
Latest News
-
Mastercard plans to phase out manual card and password entry by end of decade
-
Meta handed €800m fine for ‘unfair’ Facebook Marketplace dominance
-
Alan Turing Institute urges action after widespread election disinformation campaigns
-
Which? files £3bn legal claim against Apple over alleged iCloud monopoly
-
EXCLUSIVE: Ofgem makes fresh calls for tech providers to disclose market entry hurdles
-
EU interviews rivals over Novo Holdings' $16.5bn Catalent acquisition
Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.
Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories