Capital One management was alerted by staff of multiple security issues prior to data breach
Employees were unhappy that routine cybersecurity measures were being neglected
Capital One employees had reportedly informed the bank ' s internal auditors and other senior executives about staffing and security issues before massive breach of the confidential data.
According to a report by the Wall Street Journal, many members of Capital One ' s cybersecurity team believed that understaffing had led to routine cybersecurity measures being neglected and had discussed all those issues with the management.
In 2017, Capital One hired Michael Johnson - a veteran of the federal government - as its chief information security officer (CISO). Johnson had served as the CIO of the US Energy Department from 2015 to 2016.
But, many employees didn ' t appreciate Mr. Johnson ' s style of management and left their job or changed their divisions within the bank.
In 2018 alone, about one-third staff of the cybersecurity unit left the company, according to the WSJ sources.
Some employees also had concerns over security flaws in Capital One ' s firewalls that were not getting fixed quickly.
Security software purchased from Endgame in 2017 could not be installed more than a year after the purchase.
Capital One ' s spokeswoman told the WSJ that the company is "constantly developing and adapting" to "an ever-changing threat landscape."
"We will incorporate the learnings of this incident to further strengthen our cyber defence," the spokeswoman added.
Last month, Capital One revealed that a hacker was able to illegally access the personal details of about 106 million people, who were either using the bank ' s card or had applied for it.
Later, the investigators arrested a 30-year-old woman, Paige Thompson, in connection with the hack. Thomson had posted several messages about the hack on GitHub.
On 17th July, a white hat hacker sent an email to Capital One, informing them about the hack.
Thompson's motives remain unclear. In a statement, the bank said that it didn ' t believe that the hacker intended to steal people's money. After her arrest, Thomson told investigating agencies that she had not sold any of the stolen data.
A memo filed by the US Attorney ' s Office in Seattle on Wednesday revealed that Thompson may have hacked more than 30 other organisations, including educational groups and businesses.
"The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified," prosecutors said in the memo.
Last month, the New York Attorney General Letitia James announced to open an investigation into the massive security breach at Capital One.
Earlier this month, a lawsuit was also filed against GitHub in a California court in relation with Capital One data break.