Last summer, Capital One made headlines when it came to light that a data breach it experienced affected over 106 million customers. This summer, Capital One is in the headlines again for the fine associated with that breach. In a news release issued last week (that I read about in this ZDNet article), the Office of the Comptroller of the Currency assessed an $80 million fine (payable to the U.S. Treasury) and explained that it was
“based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner. In taking this action, the OCC positively considered the bank’s customer notification and remediation efforts.”
In other words, Capital One didn’t have proper risk assessment processes in place before it started storing information in the Amazon Web Services cloud. Moreover, Capital One didn’t correct the deficiencies fast enough in the opinion of the OCC. This is a great reminder that agencies tasked with ensuring compliance with financial, privacy, and cybersecurity regulations are still on the job even in the midst of a pandemic.
If you are using the cloud to store customer or client information, or even your own company’s information for that matter, you want to make sure that you have taken all possible steps to secure your data, so that you and your company do not experience something similar to what Capital One experienced.