(Reuters) – Capital One Financial Corp. will pay an $ 80 million penalty to a US bank regulator after the bank suffered a huge data breach a year ago.
The fine, announced Thursday by the Office of Currency Control, punishes the bank for not identifying and managing the risk adequately because it moved significant parts of its technical operations to the cloud.
"Protecting our customers' information is crucial to our role as financial institutions," a bank representative said in a statement. "During the year since the incident, we have invested significant additional resources to further strengthen our cyber defenses and have made significant progress in meeting the requirements of these orders."
In July 201
The OCC stated in its agreement that the bank failed to identify and manage risks until the move to cloud storage, and lacked adequate network security and data prevention controls. The supervisory authority also said that when the internal audit identified problems, the bank's board did not succeed in holding management accountable.
The 2019 crime did not reveal credit card information, but about 140,000 social security numbers and 80,000 linked bank account numbers were compromised.
The OCC also ordered the Bank to review its activities to ensure that it adequately protects against general cyber security risks and risks specific to cloud operations and to submit these plans for review. The bank is facing similar increased supervision from the Federal Reserve.