Capital One has agreed to a $80 million fine from United States regulators over a 2019 hack which exposed the personal information of more than 100 million customers and applicants.
According to a press release published by the OCC on Thursday, Capital One failed to establish appropriate risk management before migrating its IT operations to a public cloud-based service, which included appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts.
The company agreed to pay $80 million to the OCC without admitting or denying the allegations. The hacker, identified as former Amazon web services employee Paige Thompson a.k.a erratic, 33, was arrested following the breach and charged with computer fraud and abuse, which carries up to five years in prison and a $250,000 fine. Capital One was using Amazon Web Services, a subsidiary of the Seattle-based tech giant that offers cloud computing services.
"Safeguarding our customers' information is essential to our role as a financial institution", said a bank representative in a statement. Equifax reached a $700 million settlement with regulators over that breach.
"In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders", Capital One said.
When it announced the breach previous year, Capital One emphasized that no credit card numbers or log-in credentials were compromised, nor were the vast majority of Social Security numbers on the affected applications.
The 2019 breach did not expose credit card account information, but about 140,000 Social Security numbers and 80,000 linked bank account numbers were compromised.
"We appreciate our regulators' recognition of our positive customer notification and remediation efforts, and remain committed to working closely with them to ensure that we meet the highest standards of protection for our customers", the company spokesperson said.