Latest in Gear

Image credit: Drew Angerer/Getty Images

Capital One fined $80 million over 2019 data breach

This is despite the breach hurting 100 million people in the US.
Jon Fingas, @jonfingas
August 9, 2020
Comments
287 Shares
Share
Tweet
Share

Sponsored Links

NEW YORK, NY - JULY 30: A man uses the ATM at a Capital One bank in Midtown Manhattan on July 30, 2019 in New York City. In one of the largest-ever thefts of bank data, a software engineer in Seattle was arrested for hacking into a Capitol One server and obtaining the personal data of over 100 million people. The data includes social security numbers, bank account numbers, names, addresses, credit scores, credit limits, balances, and other information. (Photo by Drew Angerer/Getty Images)
Drew Angerer/Getty Images

Capital One is facing a penalty for its giant 2019 data breach, although it might not be as serious as you’d expect. The Wall Street Journal (via The Verge) reports that the Office of the Comptroller of the Currency has fined Capital One $80 million over the security failings that led to the breach. The bank didn’t create an “effective” risk assessment system before moving key IT systems to the public cloud, the OCC said, and didn’t address the flaws in a “timely manner.”

The alleged intruder, Paige Thompson, is believed to have taken advantage of a “misconfigured” firewall for a web app to steal data that compromised about 100 million people in the US, plus another 6 million in Canada. Her trial starts in 2021.

A bank spokesperson said the company had since poured “significant” resources into bolstering its security and otherwise addressing orders from both the OCC and the Federal Reserve.

The payout isn’t small, but it might not make many victims happy. The breach exposed sensitive details like addresses, reported income and (in some cases) account numbers and credit scores. Capital One did provide free credit monitoring and identity theft protection after the incident, but the payout still amounts to about 75 cents per person affected in North America. Like the Equifax breach, the compensation may seem small compared to the security precautions and stress inflicted on affected people.

In this article: Capital One, Data breach, breach, security, internet, Government, office of the comptroller of the currency, OCC, banking, data, news, gear
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
287 Shares
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

View
Synthetic cornea helped a legally blind man regain his sight

Synthetic cornea helped a legally blind man regain his sight

View
Paramount+ will replace CBS All Access on March 4th

Paramount+ will replace CBS All Access on March 4th

View
Tesla is hiring people to handle complaints people tweet at Elon Musk

Tesla is hiring people to handle complaints people tweet at Elon Musk

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr