
CapOne Security Head Transferred In Wake Of Data Breach


Capital One’s chief information security officer (CISO), Michael Johnson, is being transferred to a new position following the bank’s colossal cyberattack in July, The Wall Street Journal (WSJ) reported Thursday (Nov. 7).

Sources told WSJ that Capital One employees were notified that Johnson was being transferred to an advisor’s role, and an external search was planned to find a replacement. Johnson had served as CISO since 2017.

Chief information officer (CIO) of Capital One’s commercial bank, Mike Eason, was appointed interim CISO, the sources said.

At least 12 Capital One cybersecurity employees have exited since the breach due to security issues left hanging by Johnson and other executives, sources told the WSJ.

Johnson previously worked for the federal government and reportedly butted heads with bank employees after being appointed CISO. Some even doubted his security expertise and worried about the length of time it took to deal with problems, sources said.

Capital One employees raised red flags over security risks before the company suffered a massive data breach.

About five years ago, the company started moving its data to the cloud. The alleged hacker, Paige Thompson, was a former employee of Amazon Web Services, which hosted the Capital One database that was breached.

Thompson of Seattle was charged with one count of computer fraud and abuse following her arrest on July 30.

The breach impacted about 100 million individuals in the United States and around 6 million in Canada. Capital One stressed that credit card account numbers and login credentials were not compromised, while more than 99 percent of Social Security numbers were not impacted.

The hack is expected to cost the company between $100 million and $150 million in the near term.

According to the FBI complaint, the bank told the bureau that the data includes “likely tens of millions of applications and approximately 77,000 bank account numbers.”
