The US-based diversified banking company Capital One has been fined $80 million by the US Treasury Department for below-par network security practices that allowed a breach of its systems, revealing the personal information of its 106 million credit cardholders.
Authorities said in a consent order that the lender failed to establish effective risk management when it migrated information technology operations to a cloud-based service in 2015.
The order stated that the bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and that the bank “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”
Capital One has subsequently committed to fixing the problem.
In the 2019 breach at the bank, the accused hacker, former Amazon software engineer Paige Thompson, exposed about 140,000 Social Security numbers and 80,000 bank account numbers. No evidence has emerged that Thompson sought to benefit financially from the hack.