The Office of the Comptroller of the Currency (OCC) has imposed a $80 million fine against Capital One, N.A. related to its handling of a 2019 cybersecurity incident impacting sensitive financial records belonging to 100 million US consumers.

On top of the hefty fine, Capital One will also be required to implement significant internal controls, including improving its cybersecurity practices and establishing a Compliance Committee with at least three members who are not bank officers.  The Bank will also have to craft plans that document the expected and potential threats created from using technology.

The incident was made public in July 2019 after Capital One announced a hacker was able to unlawfully access the vast trove of data it stored on commercial cloud servers the bank was using, and siphoning off sensitive financial information belonging to more than 100 million Americans.  Federal authorities later arrested and charged Paige A. Thompson with illegally accessing the bank’s files.

For more information on this enforcement action, please review the formal materials below, and do not hesitate to contact the author at