Advertisement

Capital One fined $80 million over data breach

Capital One sign on a building in Manhattan in 2019.
The Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack.
(Drew Angerer / Getty Images)
Share via

The Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders.

The comptroller of the currency said in a consent order Thursday that Capital One failed to establish effective risk management when it migrated information technology operations to a cloud-based service.

It said the bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Advertisement

The consent order said Capital One has committed to fixing the problem. Capital One didn’t immediately respond to an email requesting comment.

Among the largest of its kind on record, the 2019 breach compromised about 140,000 Social Security numbers and 80,000 bank account numbers. Former Amazon software engineer Paige Thompson has pleaded innocent to charges related to the breach.

Thompson is set to stand trial in February.

No evidence has emerged that Thompson sought to benefit financially from the hack.

Advertisement