American credit card company Capital One has agreed to pay an $80m fine to the US Office of the Comptroller of the Currency (OCC) over a major hack last year.
The hacking incident involved a data breach of about 100 million credit card applications.
Prior to the arrest of the suspected hacker Paige A. Thompson in July 2019, the Virginia-based bank told the regulators it had tightened its security around customer information.
However, OCC ordered the bank to take additional steps to prove its computer systems’ security.
In a statement, OCC said that the Capital One fine was levied “based on the bank’s failure to establish effective risk assessment processes” and the “bank’s failure to correct the deficiencies in a timely manner.”
The statement was issued before the bank moves a large portion of its data to cloud storage.
In a statement, Capital One said: “Safeguarding our customers’ information is essential to our role as a financial institution.
“The controls we put in place before last year’s incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hacker.
“In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”
Capital One stressed that no credit card numbers, login credentials as well as the social security numbers (SSNs) on the affected applications were compromised when it announced the breach.
The 100 million credit card applications and SSNs belonged to more than 100,000 customers.
According to the officials, Thompson admitted to hacking the bank to someone in an online discussion, who then alerted the bank.
After Capital One received the tip, it was able to identify the vulnerability in its system.