Capital One Financial must pay an USD 80 million fine over issues related to a data breach in 2019 that exposed more than 106 million records of customers and credit card applicants.
The bank must enter a consent order with its regulator, the Office of the Comptroller of the Currency. According to the bank, the breach happened due to ‘a specific configuration vulnerability’ that had since been fixed. The regulator found that the bank failed to establish effective risk assessment processes prior to migrating to a cloud environment.
Furthermore, the Federal Reserve also required Capital One to comply with the OCC order and to submit a series of written plans within 90 days to strengthen oversight of Capital One’s risk management program, its internal controls, and governance and other items identified by the Fed.
The bank will also need to submit progress reports within 45 days of the end of each quarter on all the actions it has taken to comply with the order.
According to Biz Journals, Capital One said in a statement that the controls the bank put in place in 2019 before the incident meant the customer information was secured before it could be used or disseminated.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now