The US government and the Federal Reserve have taken action against Capital One over its massive data breach.
The Fed has filed a cease and desist order against Capital One requiring it to improve its risk management program and internal controls, both of which relate to cybersecurity and information security. Capital One responded to the action by entering into consent with the Fed and the Office of the Comptroller of the Currency, of which this was a part. The Fed's action follows the announcement of $80 million in civil penalties against Capital One by the Office of the Comptroller.
Looking back at the record, it was in July 2019 that Capital One revealed that a hacker had breached the private data of more than 100 million of the bank's customers. The hacked information included not only Social Security numbers, credit card applications, home addresses, credit scores, credit limits, and balances, but also personal data of approximately 6 million individuals in Canada, the Federal Reserve Board states.
The Comptroller’s office says, “The OCC took these actions based on the bank’s failure to establish effective risk assessment processes before migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies promptly.”
Historically, this is one of the biggest data breaches in banking, and some of the banks' most financially vulnerable customers are affected. Capital One, blaming the controls that were put in place just before the hack happened, has explained how the hacker must have operated.
In an interview with a news agency, a Capital One spokesperson said, “Safeguarding our customers’ information is essential to our role as a financial institution. In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”
Capital One’s board committee will have to submit a plan of action to the Fed within 90 days, assuring the Fed of its improvement in the areas of risk management and internal governance and controls. Capital One also has to provide a timeline for implementing this plan.