Capital One has been fined about $80m following its 2019 breach. As per a statement from the Office of the Comptroller of the Currency (OCC), such a stringent action was taken against the bank due to its failure to establish effective risk assessment processes before migrating significant IT operations to the public cloud environment. It was also led by the bank’s failure to take corrective actions on the security deficiencies in a timely manner.
The breach was reported in March 2019, when Paige Thomson, a former employee of Capital One, exfiltrated the data of 100 million US citizens and about 6 million in Canada, exploiting a security weakness in the configuration of perimeter controls to get access to sensitive files housed in the cloud storage.
Source: Infosecurity