Capital One To Pay $80 Million Fine After Data Breach (nytimes.com) 19

Capital One Financial Corp will pay an $80 million penalty to a U.S. bank regulator after the bank suffered a massive data breach one year ago. From a report: The fine, announced Thursday by the Office of the Comptroller of the Currency, punishes the bank for failing to adequately identify and manage risk as it moved significant portions of its technological operations to the cloud. "Safeguarding our customers' information is essential to our role as a financial institution," said a bank representative in a statement. "In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders." In July 2019, the bank disclosed that personal information including names and addresses of about 100 million individuals in the United States and 6 million people in Canada was obtained by a hacker. The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.
  • as a Cap One customer, how much of that goes in my pocket?

    where do these fines go anyway?
    • Re:80 mil huh? (Score:5, Insightful)

      by ShanghaiBill ( 739463 ) on Thursday August 06, 2020 @12:52PM (#60373475)

      as a Cap One customer, how much of that goes in my pocket?

      Zero. This is a fine, paid to the government. It goes to the US Treasury.

      In theory, you will benefit from 25 cents worth of extra government.

      Also, many people whose data was exposed were not Capital One customers.

      • Zero. This is a fine, paid to the government. It goes to the US Treasury.

        In theory, you will benefit from 25 cents worth of extra government.

        Also, many people whose data was exposed were not Capital One customers.

        Puh-lease this isn't going toward extra government, it's just a nuisance fine. That way the agency can pretend they're doing due diligence, the company can act like it stung, because otherwise their legislative / presidential friends would attack the agency / agency funding...

        One of my good friends was an OSHA inspector for many decades after being in the military and an engineer. He could've kept his whole team busy at one plant in his area even if they only arrived every quarter. Yes, there were that

  • Oh, I see.... (Score:5, Insightful)

    by JustAnotherOldGuy ( 4145623 ) on Thursday August 06, 2020 @12:33PM (#60373397) Journal

    "Safeguarding our customers' information is essential to our role as a financial institution," said a bank representative, as he explained how they totally failed at safeguarding their customers' information.

  • by Revek ( 133289 ) on Thursday August 06, 2020 @12:37PM (#60373407)
    Let's face it, 80 mil is nothing and really an insult to those they failed. It further undermines efforts to make banks and other financial institutions fix their security problems. If it had been a billion you might see more effort to fix their broke policies and infrastructure.
    • by geekmux ( 1040042 ) on Thursday August 06, 2020 @12:49PM (#60373461)

      Let's face it, 80 mil is nothing and really an insult to those they failed. It further undermines efforts to make banks and other financial institutions fix their security problems. If it had been a billion you might see more effort to fix their broke policies and infrastructure.

      Uh, it's probably worse than that.

      A fine of $80 million most likely means the egregious activity was financially worth it.

      Which means they'll fucking do it again.

      Watch.

      • by Rewind ( 138843 )
        Yeah, I imagine they budget for this under 'rounding errors and Monday details' or some such...
      • /Oblg. Fight Club [youtube.com] Insurance Recall Formula

        • Once saw the decision chart the legal department (large US insurance/mortgage company) used for looking at death claims.

          Below a certain threshold (~$80K) they didn't bother contesting it.
          Above that line, they looked at whether there was anything they could deny it on. Classified as 'Heck no', 'Possibly, but sketchy', 'Likely', and 'Yeah, we can tell the beneficiary to go !@#$ themselves'.

          If a claim fell into the 'sketchy' realm, they looked at the education and financial situation of the beneficiary. No h

    • make banks and other financial institutions fix their security problems.

      The biggest security problem is pretending that semi-public information such as social security numbers are "secrets".

      This is a major reason that America has a much higher rate of identity theft than most other countries.

      Financial institutions should be banned from using SSNs for authentication.

      • by Pascoea ( 968200 )
        Yep. Pretty ridiculous. The faster we understand that information like our birthday, SS#, address, etc. are public information* and figure out a more secure means of identifying a person identity theft will continue. (*No matter what steps you take to protect them. As soon as any company has them they are all but guaranteed to be exposed at some point.)
      • You're absolutely right.

        Right here on Slashdot please post your full name, SS number, primary mailing address, phone numbers, driver's license number, passport number if you have one, all credit card numbers/online passwords, email address/password, parents' names and SS numbers, other family members' names, pet names, which high school you attended, highest grade of post high school education, blood type, marital status, favorite color, favorite sports team, and city and state where you grew up. Also any o

    • DoD OPM got absolutely nothing for basically giving away every single piece of personal information belonging to every cleared government and military person ever. Other than my SSN, my bank doesn't have much data about me that's interesting. On the other hand, China now has my SF-86 with stuff so sensitive I don't even tell my own family.

      Heads should have rolled over that one. But..... nothing.

  • I can tell you what's not in their wallet now.
  • 80 million fine on a net INCOME of $5.5B in 2019. Seems right.
  • If we ever want anyone to take IT security seriously, these fines must be higher, so high in fact that the risk of a fine from a possible breach has to be bad enough that continual investment in security would be seen as cheaper by the beancounters
  • Not money apparently.

  • So, it's a good thing I haven't taken up any of the 5,432,463 letters from them, to start an account/get a credit card through them.

    Were I the CEO or other big stockholders, I wouldn't worry, since they found the fine in the office couches, and didn't even get a slap on the wrist, just a "naughty, naughty" and a finger shaken at them.
