After allowing a data breach to affect 100 million Capital One banking customers last year, the financial institution is being fined $80 million for reparations. The breach took place in July 2019 and exposed the personal and financial data of 100 million Americans and 6 million Canadians. The U.S. Office of the Comptroller of the Currency (OCC) issued the fine, and Capital One claims that it has bolstered its security efforts to prevent a breach of this scale from happening again. This is not the only financial data breach that has taken place in recent times, and without the proper tools and security protocols, incidents of this magnitude will only become more common.
How Did the Breach Occur?
Reports from the OCC stated that Capital One had not properly assessed the risks of moving its information to the cloud and that the company did not recognize these risks in its own audits. In addition, a woman named Paige Thompson was charged with accessing the company’s cloud database, including credit card applications, after taking advantage of a vulnerable firewall. She previously worked with Amazon Web Services, which Capital One used for its IT infrastructure.
She worked on projects related to the company’s Simple Cloud Storage Service and prosecutors accuse her of stealing data from Capital One among other companies. Her trial is not set until 2021 due to COVID-19 delays, but other underlying problems led to the breach as well.
The OCC report also stated that the bank did not create an effective risk assessment system before moving IT systems to a public cloud. They also did not establish appropriate risk management for their cloud service such as data loss prevention and network security controls. Capital One said that since the attack, they have strengthened their cyber defenses and addressed the security requirements that were sent from the OCC.
Financial Cyberattacks Abound
Capital One is not the only financial institution to be affected by data breaches. Fifth Third Bank exposed customer names, social security numbers, addresses, account numbers, and more in February of 2020. The Dave Mobile Banking App was breached by a third party, exposing account details of over 7.5 million users including names, emails, phone numbers, and birth dates.
Of course, not all attacks are on financial institutions, but no breach is a good breach: between January and September of 2019, over 7.9 billion data records were exposed, with the Capital One breach falling within that time frame. Fines from the federal government have been issued, including fines from the Federal Trade Commission for improperly handling personally identifiable information (PII). Though fines are a positive start to enforcing security policies, institutions need to go further to protect personal data.
Data Security for All Industries
Whether you are protecting sensitive data in a financial institution or another type of corporate setting, it is important to protect client information to prevent hefty fines and maintain your reputation as a business. Our line of hardware encrypted SecureDrives are HIPAA and GDPR Compliant and are FIPS 140-2 Level 3 Validated for total protection.
The devices are built with antivirus software to keep malicious files from being transferred to the drive. With unique authentication via PIN or wireless authentication via secure app, your SecureDrive will be the most secure backup system for your massive amounts of sensitive information. To learn more about how these drives can prevent data breaches, call 1-800-388-1266.