- Joined
- May 15, 2016
- Messages
- 14,516
- Likes
- 2,645
- Points
- 1,730
All money must be paid to the US Treasury Department.
The American bank holding company Capital One Financial Corporation, which specializes in credit cards and car loans, is obliged to pay a fine of $ 80 million due to the poor security of the public cloud.
Last year, a former Amazon employee hacked into the banking giant's database and stole the personal information of more than 100 million US residents and 6 million Canadian residents. The leak affected 140,000 cardholders' social security numbers, about 80,000 card-linked bank account numbers, as well as one million Canadian social security numbers.
Now, the Office of the Comptroller of the Currency (OCC), an independent bureau of the US Treasury Department, has announced a fine on Capital One for transferring on-premises IT systems in 2015 to cloud storage, putting customer data at risk.
“The bank was unable to establish effective risk assessment processes prior to moving significant IT operations to a public cloud environment, and was unable to fix vulnerabilities in a timely manner,” the OCC said.
The bank also hid numerous vulnerabilities in its cloud storage during an internal audit in 2015. And the vulnerabilities that were discovered were not properly reported to the audit committee. Capital One was unable to fix the vulnerabilities and, as a result, violated official security rules that all US banks must comply with.
__________________
The American bank holding company Capital One Financial Corporation, which specializes in credit cards and car loans, is obliged to pay a fine of $ 80 million due to the poor security of the public cloud.
Last year, a former Amazon employee hacked into the banking giant's database and stole the personal information of more than 100 million US residents and 6 million Canadian residents. The leak affected 140,000 cardholders' social security numbers, about 80,000 card-linked bank account numbers, as well as one million Canadian social security numbers.
Now, the Office of the Comptroller of the Currency (OCC), an independent bureau of the US Treasury Department, has announced a fine on Capital One for transferring on-premises IT systems in 2015 to cloud storage, putting customer data at risk.
“The bank was unable to establish effective risk assessment processes prior to moving significant IT operations to a public cloud environment, and was unable to fix vulnerabilities in a timely manner,” the OCC said.
The bank also hid numerous vulnerabilities in its cloud storage during an internal audit in 2015. And the vulnerabilities that were discovered were not properly reported to the audit committee. Capital One was unable to fix the vulnerabilities and, as a result, violated official security rules that all US banks must comply with.
__________________