Capital One is facing a penalty for its giant 2019 data breach, although it might not be as serious as you’d expect. The Wall Street Journal (via The Verge) reports that the Office of the Comptroller of the Currency has fined Capital One $80 million over the security failings that led to the breach. The bank didn’t create an “effective” risk assessment system before moving key IT systems to the public cloud, the OCC said, and didn’t address the flaws in a “timely manner.”
The alleged intruder, Paige Thompson, is believed to have taken advantage of a “misconfigured” firewall for a web app to steal data that compromised about 100 million people in the US, plus another 6 million in Canada. Her trial starts in 2021.