Capital One fined $80 million over 2019 data breach

This is despite the breach hurting 100 million people in the US.

Sponsored Links

Capital One is facing a penalty for its giant 2019 data breach, although it might not be as serious as you’d expect. The Wall Street Journal (via The Verge) reports that the Office of the Comptroller of the Currency has fined Capital One $80 million over the security failings that led to the breach. The bank didn’t create an “effective” risk assessment system before moving key IT systems to the public cloud, the OCC said, and didn’t address the flaws in a “timely manner.”

The alleged intruder, Paige Thompson, is believed to have taken advantage of a “misconfigured” firewall for a web app to steal data that compromised about 100 million people in the US, plus another 6 million in Canada. Her trial starts in 2021.

A bank spokesperson said the company had since poured “significant” resources into bolstering its security and otherwise addressing orders from both the OCC and the Federal Reserve.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The payout isn’t small, but it might not make many victims happy. The breach exposed sensitive details like addresses, reported income and (in some cases) account numbers and credit scores. Capital One did provide free credit monitoring and identity theft protection after the incident, but the payout still amounts to about 75 cents per person affected in North America. Like the Equifax breach, the compensation may seem small compared to the security precautions and stress inflicted on affected people.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget