The Ministry of Finance of USA has fined Capital One $ 80.000.000 for allegedly following "careless" practices that allowed someone to "invade" the bank and gain access to the personal data of 106 million credit card holders. In particular, the ministry reported that Capital One failed to establish effective risk management when it transferred confidential information to a cloud-based service. In addition, the bank's internal audit failed to identify many significant weaknesses in the way it managed its cloud environment, thus engaging in unsafe or unfounded practices that had a negative impact on both itself and its customers. of. These factors led to a bank hack in 2019, which resulted in the leakage of personal information and data customers.
The Capital One hack came to light on July 29, 2019. This happened when a former employee of Amazon Web Services (AWS) acquired access in cloud AWS servers of Capital One and downloaded many GBs of information, including the personal and financial data of more than 100 million Americans and 6 million Canadians.
This hack is considered one of the biggest hacks of its kind, endangered about 140.000 social security numbers and 80.000 bank account numbers.
Federal authorities arrested a woman by name Paige A. Thompson, also known as "erratic" which was behind her invasion. Thompson has been charged with several counts scams in U.S. court in Seattle. A subsequent search of her home revealed files and items suggesting that 30 more companies may have been the target of an attempted or actual cyber-intrusion.
The fine imposed on Capital One comes to confirm that the critics were right in their assessments of the 2019 hack. For now, however, Capital One has not made any official announcement regarding the fine.