The Office of the Comptroller of the Currency (OCC) has imposed a $80 million fine against Capital One, N.A. related to its handling of a 2019 cybersecurity incident impacting sensitive financial records belonging to 100 million US consumers.
On top of the hefty fine, Capital One will also be required to implement significant internal controls, including improving its cybersecurity practices and establishing a Compliance Committee with at least three members who are not bank officers. The Bank will also have to craft plans that document the expected and potential threats created from using technology.
The incident was made public in July 2019 after Capital One announced a hacker was able to unlawfully access the vast trove of data it stored on commercial cloud servers the bank was using, and siphoning off sensitive financial information belonging to more than 100 million Americans. Federal authorities later arrested and charged Paige A. Thompson with illegally accessing the bank’s files.
For more information on this enforcement action, please review the formal materials below, and do not hesitate to contact the author at firstname.lastname@example.org
"While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers." Office of the Comptroller of the Currency