Security News > 2020 > August > Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hack
Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada.
"The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.
"In taking this action, the OCC positively considered the bank's customer notification and remediation efforts. While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers."
Seattle software engineer Paige Thompson was accused of breaking into Capital One's cloud buckets and stealing tons of personal data belonging to customer.
"Safeguarding our customers' information is essential to our role as a financial institution," a spokesperson for Capital One told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/07/capital_one_fine/
Related news
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)