Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hack

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada.
"The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.
"In taking this action, the OCC positively considered the bank's customer notification and remediation efforts. While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers."
Seattle software engineer Paige Thompson was accused of breaking into Capital One's cloud buckets and stealing tons of personal data belonging to customers.
"Safeguarding our customers' information is essential to our role as a financial institution," a spokesperson for Capital One told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/07/capital_one_fine/