news
Capital One fined US$80 million for 2019 data breach
Capital One, a leading financial services corporation, has been issued a US$80 million fine by the Office of the Comptroller of the Currency (OCC) after it experienced a data breach in 2019.
A statement from the OCC said: “The OCC took these actions based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner.
“In taking this action, the OCC positively considered the bank’s customer notification and remediation efforts. While the OCC encourages responsible innovation in all banks it supervises, sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.”
Mark Bower, SVP Data Security Specialist, comforte AG, said: “The OCC’s Capital One order mirrors how we’ve seen industry regulators rip into ineffective controls over data protection.
“What’s very surprising about this breach is, per Capital One’s prior announcements, only a fraction of the regulated data was properly tokenised (Credit card and SSN data) and the rest accessible under attack. Had tokenisation been applied across the full regulated data set, this breach would have been a non-event.
“The US$80 million fine is the tip of the iceberg. The true cost of remediation, impact and the reputational loss is likely to be a lot higher. This may also set the tone for secondary litigation, where cost impact can escalate.”
Capital One has not responded to Intelligent CISO for comment.
QUALYS APPOINTS BEN CARR AS CHIEF INFORMATION SECURITY OFFICER
Qualys, a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, has announced the appointment of Ben Carr as Chief Information Security Officer (CISO).
Carr is responsible for providing cybersecurity guidance and security strategies to Qualys customers, leading the CIO/CISO Interchange, developed in partnership with the Cloud Security Alliance, and securing Qualys as he leads the internal risk and security efforts to reduce the company’s risk and security exposure while ensuring compliance across the world.
Carr is a proven information security and risk executive and thought leader with more than 25 years of experience in executing long-term security strategies. Most recently, he was the CISO of Aristocrat, a global games leader, and before that, he held executive strategic leadership roles at Cyberbit and Tenable.
Photo caption: Ben Carr, Qualys’ newly appointed CISO
From 2012 to 2016, he was the Senior Director of Global Information Security for Visa, where he developed and led Visa’s global Attack Surface Management team and capability. Earlier in his career, he led all security programmes for Nokia corporate IT as the Global Head of IT Security.
Commenting on the new role, Carr said: “Qualys is uniquely positioned for growth and success as the security industry finally fully embraces the shift towards cloud technologies.
“I am delighted to be part of the team that can make that happen.”
www.intelligentciso.com | Issue 29