American credit card company Capital One has agreed to pay an $80m fine to the US Office of the Comptroller of the Currency (OCC) over a major hack last year.

The hacking incident involved a data breach of about 100 million credit card applications.

Prior to the arrest of the suspected hacker Paige A. Thompson in July 2019, the Virginia-based bank told the regulators it had tightened its security around customer information.

However, OCC ordered the bank to take additional steps to prove its computer systems’ security.

In a statement, OCC said that the Capital One fine was levied “based on the bank’s failure to establish effective risk assessment processes” and the “bank’s failure to correct the deficiencies in a timely manner.”

The statement was issued before the bank moves a large portion of its data to cloud storage.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In a statement, Capital One said: “Safeguarding our customers’ information is essential to our role as a financial institution.

“The controls we put in place before last year’s incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker.

“In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”

Capital One stressed that no credit card numbers, login credentials as well as the social security numbers (SSNs) on the affected applications were compromised when it announced the breach.

The 100 million credit card applications and SSNs belonged to more than 100,000 customers.

According to the officials, Thompson admitted to hacking the bank to someone in an online discussion, who then alerted the bank.

After Capital One received the tip, it was able to identify the vulnerability in its system.