Last year the data breach that affected Capital One led to the disclosure of the personal data of about 106 million customers and credit card applicants. Already at that time the American bank expected the breach to cost between 100 and 150 million dollars in the short term, but now comes the whammy from the Government and the Federal Reserve: a maxi sanction of 80 million dollars.
As the Washington Business Journal reports, Capital One admitted that the massive data breach was caused by a “specific vulnerability in the configuration”, which was later resolved.
The Office of the Comptroller of the Currency, the federal government agency that regulates and supervises all US banks and the US branches of foreign banks, argues that Capital One could not establish efficient risk assessment processes before the migration to a cloud environment, a finding that Capital One has neither admitted nor denied.
The government order, which was followed by a cease and desist order, states that “the internal audit of the bank could not identify the numerous vulnerabilities and lacks in controls in the operational cloud environment.”
However, the US federal agency has taken note that Capital One “has faced the identified corrective action and it is committed to providing resources to address the shortcomings,” although the bank will have to submit progress reports within 45 days of the end of each quarter on all actions taken to comply with the regulator’s requirements.
SOURCE: FEDERPRIVACY