Credit card provider Capital One Financial Corp was fined $80 million over last year’s Capital One data breach, which exposed the personal information of more than 100 million American people.
The Office of the Comptroller of the Currency (OCC) is an independent bureau in the United States Department of the Treasury that executes the laws relating to national banks.
The Capital One data breach
In a press release published on Thursday, the OCC said that the credit card provider had failed to establish risk management for its cloud-based server.
The OCC also said that an internal security audit at Capital One had exposed numerous vulnerabilities, which the company failed to patch, and that it had thus violated the Interagency Guidelines Establishing Information Security Standards.
These poor security practices resulted in a massive data breach last year, when a hacker was able to steal the credit card information of 106 million Capital One customers.
In addition, the hacker was able to steal approximately 40,000 Social Security numbers and 80,000 bank account numbers linked to US customers, and 1 million Canadian Social Insurance numbers.
The hacker behind the Capital One data breach, Paige Thompson, a former Amazon Web Services employee, exploited the flaw but was later arrested, charged with computer fraud and abuse, and sentenced to up to five years in prison and a $250,000 fine.
Thompson exploited the misconfigured firewall on Capital One’s Amazon Web Services cloud server in March and stole, without authorization, more than 700 folders of data stored on that server.
The OCC has also ordered Capital One to enhance its cybersecurity defence mechanisms and to submit a plan to the OCC, within 90 days of the plan period, setting out how it plans to implement them.