Capital One ordered to pay $80 million penalty for its role in a 2019 data breach
Capital One will pay an $80 million civil penalty for its role in a 2019 security breach that exposed the personal data of more than 100 million customers, The Wall Street Journal reported. In a scathing report on its investigation into the breach, the Office of the Comptroller of Currency, part of the US Treasury, said Capital One was aware its security practices were woefully insufficient, and that the company’s board of directors “failed to take effective actions to hold management accountable.”
The breach happened in March and April of 2019, but Capital One was apparently not aware of the problem until mid-July. That’s when someone tipped the company to a public GitHub page where private Capital One data was available. That led investigators to former Amazon cloud employee Paige Thompson, who was charged with wire fraud and computer fraud. Authorities say Thompson was able to exploit a “configuration vulnerability” to extract the Capital One customers’ information and post it to message boards. She pleaded not guilty to the charges and her trial is scheduled for next year.