The Office of the Comptroller of the Currency announced that Capital One will pay an $80 million fine and undertake several steps designed to reassure regulators that security has been improved since the 2019 data breach that prompted the action.
In the data breach, more than 100 million credit applications were accessed by malicious actors. The office said that Capital One deserved credit for its victim notification and remediation actions following the breach.
In addition to the fine, Capital One agreed to submit to an internal audit of the firm's risk management program. The company also agreed to enhance its cybersecurity defenses and submit an outline of its plans for improvement to the Federal Reserve within 90 days.