The U.S. Treasury Department has imposed an $80 million fine on Capital One for its ‘careless network security practices’, which led to the hacking of personal information affecting more than 106 million credit card users.
Capital One credit card holders had their personal information accessed, and a consent order on Thursday established that the company had failed to implement ‘effective risk management’ after it migrated operations to a cloud-based service back in 2015.
According to the bank’s own internal investigation, a number of “weaknesses” within the company, which also included misconduct by management, had led to the breach.
Following a number of prominent data breaches over the past several months, U.S. regulators are coming down hard on businesses that fail to protect consumer data, including personal information such as phone numbers, addresses or social security numbers.
Internationally, other countries have also started to re-evaluate their data laws, tightening restrictions on companies that fail to adequately protect data, even when migrating systems to newer, cloud-based alternatives.
Data security manufacturer Verity Systems, which provides hard drive degaussing equipment to global businesses, told the International Business Times this week that it was vital for “global businesses to protect consumer information by safely destroying data from mechanical hard disks as well as SSDs.”
In 2019, Capital One suffered a data breach, considered one of the largest in the banking sector, that resulted in 140,000 social security numbers being leaked and 80,000 bank account numbers being compromised.
And earlier this year, hotel giant Marriott confirmed that it had suffered a second data breach, following a previous hack that exposed the records of 383 million guests, prompting European regulators to impose $123 million in fines on the company.
With businesses moving toward cloud infrastructure, vulnerabilities remain, and according to a recent study by IBM, the cost of data breaches has risen in the past year, averaging $8.64 million per breach in the U.S. alone.