Capital One breach clouds the cloud; Libra's silver lining

Receiving Wide Coverage ...

Hack aftermath
The massive computer data hack at Capital One “has sent financial institutions scrambling to figure out how millions of records at one of the biggest proponents of cloud-computing were exposed,” the Wall Street Journal reports. The data was stored in Amazon.com’s cloud, “raising questions about whether Capital One put insufficient safeguards in place to lock down customer records when it adopted cloud technology. And the accused hacker’s tenure as a former employee of Amazon’s cloud business highlights the risk—previously little appreciated—of an insider threat.”

The data breach “prompted renewed concerns over cyber security in the cloud,” the Financial Times said. At the same time, New York State attorney general Letitia James announced an immediate investigation into the hack, adding that her office “would work to ensure that any affected New Yorkers are provided relief.”

Big banks like Capital One “are a target for digital troublemakers, like individual hackers trying to impress their peers or intelligence operatives for foreign governments. A single weak spot is all savvy hackers need. And they often find them. Already this year, there have been 3,494 successful cyberattacks against financial institutions, according to reports filed with the Treasury Department’s Financial Crimes Enforcement Network.”

The breach “threatens to upend [Capital One’s] long-held reputation for digital prowess” and put it “on the front line of concerns about what the tradeoff is for banks looking to emulate the practices of tech companies, which themselves have been criticized over their handling of consumer information. Many big banks are following Capital One’s lead to outsource more of their tech processes, but questions remain about whether new security gaps are being opened and how closely regulators should be able to watch.”

Capital One’s shares dropped nearly 6% on Tuesday, their worst day in more than six months. At their lowest point on the day, the shares were down nearly 8%, “which would have been their worst day since 2015.”

“Recent history shows that it can be hard for companies to recover from these incidents,” the Journal said.

“Capital One's breach shared something in common with other notable hacks — it was a preventable security lapse, and its mistakes may be ones other institutions are in danger of repeating,” American Banker said.

Wall Street Journal

Judged too soon?
Despite opposition from federal lawmakers, Facebook’s proposed Libra cryptocurrency “could be a valuable tool for law enforcement, partly because of the vast amounts of information that will be generated about its users. With Libra, both the transactions made and who made them will be recorded.” (American Banker's take here.)

The Facebook logo is displayed for a photograph on an Apple iPhone.
The Facebook Inc. logo is displayed for a photograph on an Apple Inc. iPhone in Washington, D.C., U.S., on Wednesday, March 21, 2018. Facebook is struggling to respond to growing demands from Washington to explain how the personal data of millions of its users could be exploited by a consulting firm that helped Donald Trump win the presidency. Photographer: Andrew Harrer/Bloomberg
Andrew Harrer/Bloomberg

Financial Times

Let the bidding begin
Deutsche Bank “has set a September deadline for bids on the vast portfolio of equity derivatives it is selling, as the struggling lender looks to expedite a key part of its ambitious restructuring. The derivatives are among the assets earmarked for disposal in Deutsche’s bad bank, which it is relying on to free €10 billion to help foot the bill for the overhaul as well as fund investments in technology, compliance and control functions.”

Rejected
A U.S. appeals court in Washington has upheld contempt orders against three Chinese banks that refused to comply with Justice Department subpoenas to turn over information relating to their dealings with North Korea. The lenders’ names are under seal but they are believed to be Bank of Communications, China Merchants Bank and Shanghai Pudong Development Bank. “The finding means Shanghai Pudong Development Bank, which had received an administrative subpoena under the U.S. Patriot Act, rather than a grand jury subpoena, could be at risk of losing access to the U.S. financial system.”

In the black
Atom Bank, the U.K.’s first digital-only bank, said it has started to turn a profit after a “painful” year. The bank, which specializes in mortgage lending, has shifted “towards more profitable borrowers such as first-time buyers.” It also “plans to introduce several new products as it attempts to become a profitmaking business.”

Quotable

“Though Capital One’s breach was internal, the fact still remains that safeguards were missing that allowed for the illegal access of consumers’ names, social security numbers, dates of birth, addresses, and other highly sensitive, personal information. We cannot allow hacks of this nature to become everyday occurrences.” — New York State attorney general Letitia James, announcing that her office had opened an investigation into the Capital One hack.

For reprint and licensing requests for this article, click here.
Data breaches Data security Cloud hosting Digital banking Capital One Facebook
MORE FROM AMERICAN BANKER