It’s been more than a year since Capital One Financial said it had suffered a data breach that exposed the personal information of 106 million customers, but the lessons from the episode are as timely as ever.
The $80 million penalty assessed by the Office of the Comptroller of the Currency on Thursday against the McLean, Va., company for its security lapse highlights how serious a regulatory risk data-integrity issues are — especially those involving cloud computing.
The hack was allegedly carried out by Paige Thompson, a former software engineer at Amazon Web Services, who broke into Capital One’s servers in Amazon’s cloud through a misconfigured web application firewall. Thompson was arrested and awaits trial on charges of hacking Capital One and 30 other organizations.