Virginia-based banking and holding company Capital One Financial Corp. has been ordered to pay $80 million as a result of an online security breach that exposed the personal data of more than 100 million customers.
Capital One executives and its directors were found guilty of failing to implement effective solutions to remedy the issue in a timely manner.
The U.S. Treasury's Office of the Comptroller of Currency filed a civil suit against Capital One in April last year. The agency accused Capital One of being negligent in addressing weaknesses in its database security.
The regulatory agency published the findings of its investigation late last week. Investigators found the company was aware of existing inadequacies in its security practices.
The office said in a statement that announced the penalty that the bank had failed to assess risks involved in its information technology operations. Included was a failure to launch a risk assessment for the migration of its operations to the cloud.
Apart from the penalty, the office also ordered Capital One to establish a compliance committee before the end of August. The committee will be required to meet quarterly and submit regular updates to the office about its efforts to improve its network and operational security.
In response a Capital One representative said the company had invested a lot of resources to strengthen its online security. The representative said the company had been working with the regulator to ensure it followed all orders and guidelines relating to the investigation.
The breach in Capital One's network originally occurred between March 2019 and April 2019, according to investigators. However, the company became aware of the breach in mid-July only after it was informed some customer's personal data was for sale on the dark web.
Authorities named former Amazon employee Paige Thompson as the main culprit. Thompson has been charged with computer and wire fraud. The technician reportedly took advantage of a database exploit which allowed her to extract personal data and other information of millions of Capital One customers. Thompson is scheduled to go on trial next year. She has repeatedly claimed she isn't guilty.
