Capital One Data Breach Compromised The Personal Information of 106 Million Customers In 2019
Capital One Financial has been fined $80 million by the FDIC for a 2019 data breach. The breach comprised the personal information of 106 million credit cardholders and applicants.
The Federal Reserve Board also demanded the company enhance its risk-management program and related governance and controls around cybersecurity and information security.
The hack took place when the bank transferred information-technology operations to the public cloud. It was one of the largest-ever data breaches of a big bank.
The Office of the Comptroller of the Currency said the bank failed to establish effective risk assessment processes. The OCC also alleged Capital One failed to correct the deficiencies in a timely manner.
The bank said it has since beefed up its cybersecurity. Capital One said in a statement to the Wall Street Journal:
In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses.
Transgender Hacker Indicted For Capital One Data Breach
Prosecutors accused alleged transgender hacker Paige A. Thompson of breaking through the bank’s firewall. Thompson is a former Amazon systems engineer. She accessed the data from Amazon’s cloud service.
The hack exposed the addresses, dates of birth, self-reported incomes of individuals of current Capital One customers. It also exposed the information of the people who applied for Capital One credit cards between 2005 and early 2019.
Some customers also had their social security numbers, bank account numbers, credit scores and payment histories exposed.
The bank said it had some security protocols in place before the hack. The bank said these protocols helped authorities catch the alleged hacker.
Thompson has pleaded not guilty to charges of wire fraud and computer fraud and abuse. Although she admitted to it online. The federal judge handling the case has set a trial date for next year.
She allegedly began attempting to access the bank’s information in March 2019.
Capital One only learned about the hack months later from an outside researcher.
Before the breach was exposed to the public Capital One employee raised concerns about high turnover in its cybersecurity unit.
Write A Comment