Capital One To Pay $80 Million Fine After Data Breach (nytimes.com) 19
Capital One Financial Corp will pay an $80 million penalty to a U.S. bank regulator after the bank suffered a massive data breach one year ago. From a report: The fine, announced Thursday by the Office of the Comptroller of the Currency, punishes the bank for failing to adequately identify and manage risk as it moved significant portions of its technological operations to the cloud. "Safeguarding our customers' information is essential to our role as a financial institution," said a bank representative in a statement. "In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders." In July 2019, the bank disclosed that personal information including names and addresses of about 100 million individuals in the United States and 6 million people in Canada was obtained by a hacker. The suspected hacker was a former employee of Amazon Web Services, a cloud provider where the bank had moved some of its data.
80 mil huh? (Score:1)
where do these fines go anyway?
Re:80 mil huh? (Score:5, Insightful)
as a Cap One customer, how much of that goes in my pocket?
Zero. This is a fine, paid to the government. It goes to the US Treasury.
In theory, you will benefit from 25 cents worth of extra government.
Also, many people whose data was exposed were not Capital One customers.
Re: (Score:2)
Zero. This is a fine, paid to the government. It goes to the US Treasury.
In theory, you will benefit from 25 cents worth of extra government.
Also, many people whose data was exposed were not Capital One customers.
Puh-lease this isn't going toward extra government, it's just a nuisance fine. That way the agency can pretend they're doing due diligence, the company can act like it stung, because otherwise their legislative / presidential friends would attack the agency / agency funding...
One of my good friends was an OSHA inspector for many decades after being in the military and an engineer. He could've kept his whole team busy at one plant in his area even if they only arrived every quarter. Yes, there were that
Oh, I see.... (Score:5, Insightful)
"Safeguarding our customers' information is essential to our role as a financial institution," said a bank representative, as he explained how they totally failed at safeguarding their customers' information.
So they get away with a slap on the wrist (Score:4, Insightful)
Re:So they get away with a slap on the wrist (Score:4, Insightful)
Let's face it, 80 mil is nothing and really an insult to those they failed. It further undermines efforts to make banks and other financial institutions fix their security problems. If it had been a billion you might see more effort to fix their broke policies and infrastructure.
Uh, it's probably worse than that.
A fine of $80 million most likely means the egregious activity was financially worth it.
Which means they'll fucking do it again.
Watch.
Re: (Score:2)
/Oblg. Fight Club [youtube.com] Insurance Recall Formula
Re: (Score:3)
Once saw the decision chart the legal department (large US insurance/mortgage company) used for looking at death claims.
Below a certain threshold (~$80K) they didn't bother contesting it.
Above that line, they looked at whether there was anything they could deny it on. Classified as 'Heck no', 'Possibly, but sketchy', 'Likely', and 'Yeah, we can tell the beneficiary to go !@#$ themselves'.
If a claim fell into the 'sketchy' realm, they looked at the education and financial situation of the beneficiary. No h
Re: (Score:2)
make banks and other financial institutions fix their security problems.
The biggest security problem is pretending that semi-public information such as social security numbers are "secrets".
This is a major reason that America has a much higher rate of identity theft than most other countries.
Financial institutions should be banned from using SSNs for authentication.
Re: (Score:2)
Right here on Slashdot please post your full name, SS number, primary mailing address, phone numbers, driver's license number, passport number if you have one, all credit card numbers/online passwords, email address/password, parents' names and SS numbers, other family members' names, pet names, which high school you attended, highest grade of post high school education, blood type, marital status, favorite color, favorite sports team, and city and state where you grew up. Also any o
Re: (Score:2)
DoD OPM got absolutely nothing for basically giving away every single piece of personal information belonging to every cleared government and military person ever. Other than my SSN, my bank doesn't have much data about me that's interesting. On the other hand, China now has my SF-86 with stuff so sensitive I don't even tell my own family.
Heads should have rolled over that one. But..... nothing.
What's in their wallet? (Score:2)
80 Million? (Score:2)
Not enough (Score:1)
"What's In Your Wallet?" (Score:2)
Not money apparently.
Couch change (Score:2)
So, it's a good thing I haven't taken up any of the 5,432,463 letters from them, to start an account/get a credit card through them.
Were I the CEO or other big stockholders, I wouldn't worry, since they found the fine in the office couches, and didn't even get a slap on the wrist, just a "naughty, naughty" and a finger shaken at them.