Capital One fined $80 Million for 2019 Data Breach affecting 106 Million Users

August 17, 2020

The U.S. Treasury Department fined Capital One Financial Corporation $80 million over last year’s hack, which exposed the personal and credit card information of 106 million of the bank’s customers.

The Office of the Comptroller of the Currency (OCC) said it identified “numerous weaknesses” in the management of the bank’s cloud environment. The bank failed to establish proper risk management before migrating its IT operations to a cloud-based service, including the design of network security controls, data loss prevention, and appropriate configuration of alerts.

The OCC revealed that, in its internal audit back in 2015, Capital One had left numerous weaknesses in its cloud-based data, such as unpatched security vulnerabilities, and had violated the Interagency Guidelines Establishing Information Security Standards, the security guidelines that require financial institutions to secure and appropriately dispose of customer information.

These treacherous practices at Capital One Financial Corporation were the cause of the massive breach in 2019 that allowed a hacker to acquire the credit card information of 106 million of the bank’s customers. The stolen data belonged to customers who had applied for credit cards between 2005 and 2019. Of the affected credit card applicants, 100 million are said to be in the United States and 6 million in Canada.





The hacker was identified as Paige Thompson, a former Amazon Web Services software engineer who worked as a contractor for Capital One in 2015-2016.


Aside from the credit card information, he also stole 140 Social Security numbers and 80,000 account numbers of U.S. customers, and about 1 million Canadian Social Insurance numbers.

Thompson allegedly started the attack by exploiting a misconfigured firewall on the bank’s Amazon Web Services cloud server, which allowed him to acquire 700 folders of data stored on the bank’s server back in March 2019. He was fined $250,000 and will serve five years in prison.

Aside from the civil money penalty of $80 million, the Office of the Comptroller of the Currency (OCC) ordered the bank to strengthen its security defenses and to submit a proposal within 90 days outlining its new plan.

Capital One Financial Corporation is an American financial institution founded in 1994 and headquartered in McLean, Virginia. It reportedly had USD 28.08 billion in revenue in 2018. Capital One was the 5th largest credit card issuer by purchase volume in 2016.
