Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
Giant sanction of 80 million dollars for Capital One Bank for a data breach.

Giant sanction of 80 million dollars for Capital One Bank for a data breach.

Last year the data breach that have affected Capital One caused the personal data sharing of about 106 millions clients and credit cards applicants, and already at that time the american bank society expected that the breach will have an impact with costs in short term among 100 and 150 million dollars, but now comes the whammy by the Government and the Federal REserve with a maxi sanction of 80 million dollars.

Like the Washington Business Journal, the Capital One admitted that the massive data breach was caused by a “specific vulnerability into the configuration” which has been later resolved.

The Office of the Comptroller of the Currency, which is a federal government agency has the function of regulate and control all the US banks and their foreing banks branches in the USA, argues that the Capital One can not establish efficient risk assess processes before the migration into a cloud environment, but the Capital One has neither admitted nor denied.

Into the governamental order, that has been followed by a cease and desistance order, it is affirmed that “the internal audit of the bank could not identify the numerous vulnerabilities and lacks in controls into the operational cloud environment.”

However, the federal US agency has taken note that the Capital One “has faced with the identify corrective action and it is committed to providing resources to address the shortcomings,” although the bank will have to submit progress reports within 45 days of the end of each quarter on all actions taken to comply with regulator’s requirements.

SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research