Capital One’s board of directors will be required to establish a compliance committee by the end of the month with at least three members who aren’t officers of the bank. The lender will also have to craft plans that document the expected and potential threats created from using technology, according to orders from the Office of the Comptroller of the Currency and the Federal Reserve.
“Safeguarding our customers’ information is essential to our role as a financial institution,” Capital One said in a statement. “In the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses, and have made substantial progress in addressing the requirements of these orders.”
In crafting the consent order, the OCC said it “positively considered” Capital One’s efforts to notify customers and remediate the impacts of the breach.
In July 2019, Capital One announced a hacker was able to tap into the vast trove of data on Amazon.com Inc. servers the bank was using, siphoning off sensitive information on more than 100 million Americans. Federal authorities later arrested and charged Paige A. Thompson with illegally accessing the bank’s files.
Capital One was among the first financial institutions to publicly tout its move to the cloud. Since the hack, the firm has sought to shore up its cybersecurity practices and hired
© 2020 Bloomberg L.P. All rights reserved. Used with permission.