As a result of a 2019 breach, Capital One is facing an $80 million penalty. The fine came from the Office of the Comptroller of the Currency (OCC). The penalty relates to failed security measures involving moving key IT systems to the public cloud in a timely manner.
In a scathing report, the OCC stated that, “The Bank’s internal audit failed to identify numerous control weaknesses and gaps in the cloud operating environment. Internal audit also did not effectively report on and highlight identified weaknesses and gaps to the Audit Committee.”
The breach took place in March-April, though Capital One was not aware of it until July. Capital One suffered what they refer to as a “security incident”, in which a hacker gained access to 100 million credit card applications and accounts in America, as well as 6 million in Canada. Alleged Capital One hacker Paige Thompson accessed 140,000 Social Security numbers, 1 million Social Insurance numbers and 80,000 bank accounts.
Capital One claims they are working to better secure their systems. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders”, they said in a statement.
This is the first payment that Capital One has incurred. Initially, the company offered only free credit monitoring to consumers who were affected by the breach.