Capital One fined $80M by regulators over 2019 data breach, agrees to improvements

07 Aug 2020 OODA Analyst

Capital One Financial Corporation has agreed to enter a consent order with the Office of the Comptroller of the Currency (OCC) and pay an $80 million fine for a data breach that occurred in 2019. The breach exposed more than 106 million Capital One customers and credit card applicants after the company suffered from a configuration error. However, the OCC stated that the bank failed to practice proper security measures and establish a sufficient risk assessment process before moving sensitive data to a cloud environment.

According to the consent order, Capital One has not admitted or denied the OCC’s claims over improper cybersecurity measures. The consent order also states that the bank failed to identify gaps in the cloud operating environment, putting its customers at risk. Capital One has allegedly been taking steps to prevent similar breaches in the future. The Federal Reserve also issued a cease and desist order related to the breach that requires the bank to comply with the consent order released by the OCC.

