Capital One Bank Hit With $80 Million Fine Over Cybersecurity Issues, Hacking Incident

The Office of the Comptroller of the Currency (OCC) said on Thursday that it slapped an $80 million fine against Capital One Bank related to a data breach incident from 2019 that impacted more than 100 million people.

The fine was assessed over the bank’s failure to establish “effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment” as well as the bank's “failure to correct the deficiencies in a timely manner.”

OCC is an independent bureau within the U.S. Department of the Treasury.

OCC noted that while it “encourages responsible innovation” in all the banks it supervises, “sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.”

Capital One will also have to upgrade its cybersecurity defenses and offer a plan to the Federal Reserve within 90 days detailing such measures.

The Wall Street Journal reported that the fine relates to a hack that caused a massive data breach at Capital One in 2019.

But the bank said it has already made changes to its cybersecurity structures.

“The controls we put in place before last year’s [hacking] incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker,” the bank stated. “In the year since the incident, we have invested significant additional resources into further strengthening our cyberdefenses, and have made substantial progress in addressing the requirements of these orders.”

Prosecutors said a woman named Paige A. Thompson, a former employee of Amazon Web Services, broke through Capital One’s firewall to access data it stored on Amazon’s cloud service. That hack exposed information including addresses, dates of birth, Social Security numbers, credit scores and incomes of individuals and small business owners who had applied for Capital One credit cards between 2005 and early 2019.

Fox News reported that hack affected more than 106 million people in the U.S. and Canada, making it one of the biggest data breaches in history.

Thompson has since pleaded not guilty to charges of wire fraud, computer fraud and abuse. Her trial is slated to commence next year.