Do you think financial institutions should be subject to more stringent laws regarding protecting consumer data?
Cybersecurity experts are saying the Capital One data breach that compromised the personal information of more than 100 million people may have been preventable had the credit card issuer taken more care in configuring the firewall used to protect the system from intrusions.
The breach potentially revealed the names, addresses, ZIP codes, phone numbers, email addresses, dates of birth and self-reported income of about 100 million people in the United States and 6 million in Canada as well as compromised a smaller portion of customers' Social Security and bank account numbers. The hacker was allegedly able to break into data stored in the cloud, or remote servers maintained by a third party because the firewall was not configured properly to the specifications of the server.
The Capital One breach comes on the heels of credit rating giant Equifax's settlement for more than $575 million over a data breach it had two years prior. But some consumers are complaining because Equifax faced little fallout — no top officials were fired and the fine FTC levied only amounted to about 20% of the company’s annual revenue for 2018. According to the Gramm-Leach-Bliley Act of 1999, financial institutions are required to safeguard sensitive data, specifically detecting and managing system failures. Now some consumers and lawmakers are calling for more stringent laws regarding financial institutions protecting consumer data.