The U.S. Treasury Department has fined Capital
One $80 million for careless network security
practices that enabled a hack that accessed the
personal information of 106 million of the bank’s
credit card holders.
The Comptroller of the Currency said in a
consent order that Capital One failed in 2105
to establish effective risk management when it
migrated information technology operations to
a cloud-based service.
It said the bank’s own internal audit failed
to identify “numerous weaknesses” in its
management the cloud environment and
“engaged in unsafe or unsound practices that
were part of a pattern of misconduct.”