Capital One has agreed to a $80 million fine from US regulators over last year's hack which exposed the personal information of more than 100 million customers and applicants.
The Office of the Comptroller of the Currency (OCC) calculated the fine based on a "failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner".
Capital One revealed last July that a hacker accessed information relating to about 100 million American and six million Canadian customers that was stored on Amazon Web Services cloud servers.
The following month, software engineer Paige Thompson was indicted for wire fraud and computer data theft related to alleged unauthorised intrusion into stored data of more than 30 companies, including Capital One.
According to the indictment, Thomson created scanning software that allowed her to identify customers of AWS who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers.
The US regulator also demanded that Capital One improve its risk management programme and related governance and controls, specifically around cyber security.
Commenting on the fine, Mark Bower, senior vice president at data security specialist comforte AG, said that the signal is very clear: the often referenced shared responsibility cloud model means nothing when it’s your data.
"What’s very surprising about this breach is, per Capital One’s prior announcements, only a fraction of the regulated data was properly tokenised - credit card and SSN data - and the rest accessible under attack," he explained, adding that had tokenisation been applied across the full regulated data set, this breach would have been a non-event.
"This fine is the tip of the iceberg - the true cost of remediation, impact, and the reputational loss is likely to be a lot higher - this may also set the tone for secondary litigation, where cost impact can escalate."
Latest News
-
FTC launches ‘wide ranging investigation’ into Microsoft
-
Santander to launch SME growth platform
-
Orange partners with OpenAI to develop AI models for African languages
-
Nokia and du complete network slicing trial in UAE
-
Major cyber incident paralyses Wirral Hospital Trust
-
Charity regulator launches guide for fraud and cyber-crime
Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.
Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories