Capital One Data Breach Compromised The Personal Information of 106 Million Customers In 2019 

Capital One Financial has been fined $80 million by the FDIC for a 2019 data breach. The breach comprised the personal information of 106 million credit cardholders and applicants.

The Federal Reserve Board also demanded the company enhance its risk-management program and related governance and controls around cybersecurity and information security.

The hack took place when the bank transferred information-technology operations to the public cloud. It was one of the largest-ever data breaches of a big bank.

The Office of the Comptroller of the Currency said the bank failed to establish effective risk assessment processes. The OCC also alleged Capital One failed to correct the deficiencies in a timely manner.

The bank said it has since beefed up its cybersecurity. Capital One said in a statement to the Wall Street Journal:

In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses.

Transgender Hacker Indicted For Capital One Data Breach

Prosecutors accused alleged transgender hacker Paige A. Thompson of breaking through the bank’s firewall. Thompson is a former Amazon systems engineer. She accessed the data from Amazon’s cloud service. 

The hack exposed the addresses, dates of birth, self-reported incomes of individuals of current Capital One customers. It also exposed the information of the people who applied for Capital One credit cards between 2005 and early 2019.

Some customers also had their social security numbers, bank account numbers, credit scores and payment histories exposed.