Capital One

History

2022: Amazon employee Thompson Page steals data from the bank's 100 million customers. He was given a term

In early October 2022, a former Amazon engineer was convicted of seven counts of fraud after the personal data of more than 100 million bank customers was stolen from unsecured accounts on a cloud platform. Read more here.

2020: $80 million fine for leaking customer data

On August 6, 2020, Capital One agreed to pay a $80 million fine and strengthen security measures, the neglect of which led to a large-scale theft of user data in July 2019.

The Office of the Controller of Money Circulation (OCC), together with an independent bureau of the Ministry of Finance USA , decided to impose a fine on a banking company for improper protection of user data when moving local IT systems to cloud storage in 2015.

The OCC made such a decision based on the fact that the bank was unable to establish effective risk assessment processes before moving a significant amount of operations from the information technology field to the public cloud environment, and also failed to timely fix vulnerabilities. - the OCC said in a statement - while the OCC encourages responsible innovation at all banks that the agency controls, prudent risk management and internal controls are critical to ensuring the safety and reliability of banking operations and adequately protecting customers.

Capital One will pay a fine of $80 million for the largest leakage of customer data in the history of banks

In addition, Capital One hid numerous vulnerabilities in its cloud-based data warehouse during an internal audit in 2015. The company also flouted a rule that obliges it to report deficiencies to the audit committee. Capital One did not take care to fix the vulnerabilities, which violated the US security rules that all US banks must comply with.

US authorities also ordered Capital One to update its risk management program within 90 days. President of the startup Senserva, which specializes in developing software to protect cloud solutions, Casey Kraus noted:

Companies work without thinking that they might once be hacked, so Capital One may not understand all the problems it might have - it's generally difficult to make a plan for improvement without knowing all the areas that can be refined.[1]

2019: 106m customers data breach

At the end of July 2019, it became known about the largest leak of data from bank customers. Capital One financial holding suffered, which estimates the damage at $100-150 million.

As a result of the hack, attackers gained access to the data of 100 million Capital One customers in the United States and 6 million in Canada. Information from applications for credit cards and the data of current holders of such cards were compromised.

Capital One suffers biggest ever bank customer data breach

 The company claims that the data of the credit cards themselves (numbers, CCV codes, etc.) remained safe, but 140 thousand social security numbers and 80 thousand bank accounts were stolen.

In addition, fraudsters got credit stories, statements, addresses, dates of birth and salaries of clients of a financial institution.

In Canada, about a million social insurance numbers were compromised. Finally, hackers got data on card transactions scattered across 23 days for 2016, 2017 and 2018.

Capital One conducted an internal investigation, following which it stated that the stolen information was unlikely to be used for fraudulent purposes.

According to The New York Times, 33-year-old Page Thompson from Seattle (Washington) became the alleged culprit of a large-scale data leak. Previously, she worked for a certain IT company that provided data transfer services to Capital One. FBI officers charged the woman with cyber fraud. Presumably, Thompson was able to obtain data due to a vulnerability in the information encryption program used by Capital One.

The suspect will remain in custody until at least August 1, 2019, when the first court hearing in this case will take place.

By the end of July 2019, Capital One ranks 7th among the largest American banks, as well as 3rd position in terms of credit card issuance.^[2]

Notes