Capital One fined $80 million over 2019 data breach

This is despite the breach hurting 100 million people in the US.


NEW YORK, NY - JULY 30: A man uses the ATM at a Capital One bank in Midtown Manhattan on July 30, 2019 in New York City. In one of the largest-ever thefts of bank data, a software engineer in Seattle was arrested for hacking into a Capital One server and obtaining the personal data of over 100 million people. The data includes social security numbers, bank account numbers, names, addresses, credit scores, credit limits, balances, and other information. (Photo by Drew Angerer/Getty Images)

Capital One is facing a penalty for its giant 2019 data breach, although it might not be as serious as you’d expect. The Wall Street Journal (via The Verge) reports that the Office of the Comptroller of the Currency has fined Capital One $80 million over the security failings that led to the breach. The bank didn’t create an “effective” risk assessment system before moving key IT systems to the public cloud, the OCC said, and didn’t address the flaws in a “timely manner.”

The alleged intruder, Paige Thompson, is believed to have taken advantage of a “misconfigured” firewall for a web app to steal data that compromised about 100 million people in the US, plus another 6 million in Canada. Her trial starts in 2021.

A bank spokesperson said the company had since poured “significant” resources into bolstering its security and otherwise addressing orders from both the OCC and the Federal Reserve.

The payout isn’t small, but it might not make many victims happy. The breach exposed sensitive details like addresses, reported income and (in some cases) account numbers and credit scores. Capital One did provide free credit monitoring and identity theft protection after the incident, but the payout still amounts to about 75 cents per person affected in North America. Like the Equifax breach, the compensation may seem small compared to the security precautions and stress inflicted on affected people.
