OCC Ends 2020 Capital One Consent Order
By: Ken Chase.
The U.S. Office of the Comptroller of the Currency (OCC) announced this week that it has terminated a 2020 consent order related to a 2019 Capital One data breach. In its announcement, the OCC confirmed that it believes that the bank has made enough progress in addressing the 2019 failures that it no longer needs to be subject to additional oversight.
The data breach that led to the consent order impacted more than 100 million customer accounts while also exposing roughly 140,000 credit card customers’ Social Security numbers. A Seattle hacker named Paige Thompson gained access to that data before Capital One discovered the breach and fixed the problem. Thompson was convicted of crimes related to that hacking in June of this year and is awaiting sentencing.
For its part, Capital One was required to pay a penalty of $80 million for its failures. In addition, the bank was ordered to create a compliance committee and submit quarterly reports to the OCC that outlined the company’s efforts to update auditing and risk management processes. With the consent order now lifted, those updates will no longer be required.
As a result of the breach and Capital One’s failure to maintain proper risk assessment processes, the Federal Reserve had required the bank’s board to provide a written strategy explaining its plans to enhance its risk management and implement better controls to safeguard its customers’ information. Last year, Capital One settled a class-action lawsuit related to the incident for $190 million.