Financial Services Industry

  • 1.  News Release: OCC Assesses $80 Million Civil Money Penalty Against Capital One

    Posted Aug 07, 2020 12:38:00 PM

    The OCC fined Capital One $80M (USD) for the infamous 2019 data breach, as compared to nearly $700M for Equifax's 2017 data breach.

    Please weigh in as to why there was such a disparity in the OCC's fines.

    Has corporate data stewardship become a lower priority during this era of COVID-19?

    https://lnkd.in/gu9MtVU



    ------------------------------
    Shamun Mahmud
    Standards Officer, Sr. Research Analyst
    Cloud Security Alliance
    WA
    ------------------------------


  • 2.  RE: News Release: OCC Assesses $80 Million Civil Money Penalty Against Capital One

    Posted Aug 07, 2020 03:50:00 PM
    @Shamun Mahmud Were the data breaches comparable? Maybe they are being easier on Capital One because of COVID-19... Or maybe there is something shady going down.

    Interesting, thanks for sharing. What do you think, John? @John Yeoh


    ------------------------------
    Jaclyn Parton
    Marketing Coordinator
    Cloud Security Alliance
    Bellingham WA
    ------------------------------



  • 3.  RE: News Release: OCC Assesses $80 Million Civil Money Penalty Against Capital One
    Best Answer

    Posted Aug 07, 2020 04:47:00 PM
    This is a very noticeable difference in fines when compared to the number of customers compromised in both attacks. But I do think it has to do with how Capital One handled the breach with their notification to customers and regulators. It's also worth noticing that the attacker was identified and arrested in a ten-day time frame of the public notification. That is simply unheard of by historical standards! Forensic efforts and cooperation with law enforcement were very efficient.

    Attached is a snapshot of the attack details and controls to mitigate the type of attack that took place. Let me know if this is helpful. The Top Threats Working Group has also taken eight other recent breaches through this type of attack-tree exercise.




  • 4.  RE: News Release: OCC Assesses $80 Million Civil Money Penalty Against Capital One

    Posted Aug 10, 2020 04:48:00 PM
    I have to agree with John, it was clearly a good-faith effort to address the issue quickly on the part of Cap One. I have heard secondhand that the incident was even positioned as showing how cloud enabled incidents to be surfaced more rapidly.

    ------------------------------
    Jim Reavis CCSK
    Cloud Security Alliance
    Bellingham WA
    ------------------------------