Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hack
2020-08-07 01:22

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada.

"The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

"In taking this action, the OCC positively considered the bank's customer notification and remediation efforts. While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers."

Seattle software engineer Paige Thompson was accused of breaking into Capital One's cloud buckets and stealing tons of personal data belonging to customers.

"Safeguarding our customers' information is essential to our role as a financial institution," a spokesperson for Capital One told The Register.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/07/capital_one_fine/